The moral of the story is that secrets will get out. Researchers Uncover the ‘Most Sophisticated’ iPhone Exploit Ever
What happens when you hack a cybersecurity researcher? Kaspersky, a Moscow-based security firm, presented new details regarding zero-day vulnerabilities in Apple products on Wednesday [27 December]. Kaspersky researchers are calling this the most sophisticated attack they’ve ever seen, exposing a previously unknown hardware feature.
Apple put a secret hardware backdoor into the past few generations of the iPhone. Confident that they could keep the secret of its existence secret. But some people knew, and it is a secret worth a million dollars via places like Zerodium. Maybe millions of dollars. Secrets don't get kept under those circumstances. Apple found that out.
“This is no ordinary vulnerability,” said Kaspersky’s Boris Larin in a research paper Wednesday. “What we do know—and what this vulnerability demonstrates—is that advanced hardware-based protections are useless in the face of a sophisticated attacker as long as there are hardware features that can bypass those protections.”
The articles in the mainstream tech press are not very useful or informative. If you have the time, and are interested in a deep dive into what this is, how the backdoor worked, etc. I recomend Steve Gibson's analysis from "SECURITY NOW 955: THE MYSTERY OF CVE-2023-38606." It is a two hour video, though the bit on Apple, Kaspersky, and this hardware back door starts at 34 minutes and 40 seconds.
Kaspersky’s researchers affirmatively and without question found a deliberately concealed, never documented, deliberately locked but unlockable with a secret hash, hardware backdoor which was designed into all Apple devices starting with the A12, A13, A14, A15 and A16. [Ref. SN #955 Show Notes]
Kaspersky called this "the most sophisticated attack ever discovered against Apple devices."
No comments:
Post a Comment
Comment Moderation is in place. Your comment will be visible as soon as I can get to it. Unless it is SPAM, and then it will never see the light of day.
Be Nice. Personal Attacks WILL be deleted. And I reserve the right to delete stuff that annoys me.