
Sophisticated Cyber-Espionage Exploits Undocumented iPhone Hardware Features
A newly discovered cyber-espionage campaign, Operation Triangulation, has been exploiting undocumented hardware features in Apple’s iPhone chips to bypass security measures. Uncovered by Kaspersky’s GReAT team, the attack primarily targets Russian diplomats, officials, and private enterprises.
This zero-click attack begins with a malicious iMessage attachment, exploiting multiple zero-day vulnerabilities (CVE-2023-41990, CVE-2023-32434, CVE-2023-38606) to escalate privileges and bypass memory protections. It utilizes JavaScriptCore manipulation and hardware memory-mapped I/O (MMIO) register exploitation to install spyware.
The spyware allowed the attackers to extract sensitive information, including messages, passwords, and geolocation data, from targeted devices. The malware operated solely in the device’s memory, making detection challenging and ensuring it was erased upon reboot.
The campaign highlights an unprecedented level of sophistication in iPhone hacking, leveraging obscure hardware functionalities that were likely meant for testing or debugging. The attack is difficult to detect due to iOS’s closed ecosystem, making forensic analysis and network traffic monitoring critical for identification.