The Apple smartphone spying scandal has suddenly erupted in Russia, and it looks as though the end of this hype may turn out badly for fans of Apple technology. However, in this story, as in any similar scandal, there are many strange things.
It all started when the following news item appeared on the news agency wires the other day: “The FSB of the Russian Federation has uncovered an operation by American intelligence services using Apple equipment; several thousand phones of this brand were infected.”
Two hours later, Russian presidential spokesman Peskov said: “The use of iPhones for official purposes in the presidential administration is unacceptable and prohibited.”
A little later, a statement from Kaspersky Lab appeared: “Dozens of iPhones of Kaspersky Lab employees were infected with spyware.”
The targeted iOS device receives an iMessage with a special attachment containing the exploit. Without any user interaction, the exploit in the message causes malicious code to execute. That code connects to the command-and-control server and triggers the sequential download of several "stages" of malware, including additional privilege-escalation exploits.
Once all the malicious components have run, the final payload is loaded: a full-fledged APT platform. The exploit message and its attachment are deleted during the infection process. The malicious platform runs exclusively in RAM and does not persist on the system because of operating-system restrictions; however, the sequence of events observed across several devices indicates that a device may be re-infected after a reboot.
The oldest infection timestamps point to 2019. At the time of writing, the attack is ongoing; the latest iOS version found on the infected devices is 15.7.
Analysis of the malicious platform is ongoing. It is already known that it runs with superuser privileges, implements a set of commands for collecting information about the user and the system, and can execute arbitrary code in the form of plugins delivered from the control server.
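Because the implant lives only in memory and deletes the message that delivered it, the chain described above is easier to spot in per-device event timelines than on the device itself. The following is an added example, not code from the original post or from Kaspersky: a small correlation script that walks constructed event records (the record format, the event names and the host 203.0.113.7 are assumptions of the example) and flags the received-attachment, call-out, deletion sequence, plus its recurrence after a reboot.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (record format and event names are assumptions of this
# example): "device,timestamp,event[,detail]". dev-A shows the full chain twice around a
# reboot; dev-B deletes an attachment with no call-out; dev-C is infected once.
SAMPLE_EVENTS = """\
dev-A,2019-03-02T09:14:05,imessage_attachment_received,msg=1001
dev-A,2019-03-02T09:14:09,network_connect,host=203.0.113.7
dev-A,2019-03-02T09:14:11,imessage_deleted,msg=1001
dev-A,2019-03-05T22:40:00,reboot
dev-A,2019-03-06T08:01:12,imessage_attachment_received,msg=1042
dev-A,2019-03-06T08:01:15,network_connect,host=203.0.113.7
dev-A,2019-03-06T08:01:17,imessage_deleted,msg=1042
dev-B,2022-11-19T14:20:30,imessage_attachment_received,msg=77
dev-B,2022-11-19T14:25:00,imessage_deleted,msg=77
dev-C,2023-01-10T10:00:00,imessage_attachment_received,msg=5
dev-C,2023-01-10T10:00:03,network_connect,host=203.0.113.7
dev-C,2023-01-10T10:00:04,imessage_deleted,msg=5
"""
WINDOW = timedelta(seconds=60)  # attachment -> call-out -> deletion must fit in this window

def parse(text):
    rows = [line.split(",") for line in text.strip().splitlines()]
    events = [(d, datetime.fromisoformat(t), k, x[0] if x else "") for d, t, k, *x in rows]
    return sorted(events, key=lambda e: (e[0], e[1]))

def detect(text):
    """Per device: count 'attachment -> C2 call-out -> message deleted' chains and flag
    a chain that recurs after a reboot (the re-infection signal described above)."""
    report, pending = {}, {}  # pending[(dev, msg)] = (received_at, saw_call_out)
    for dev, ts, kind, detail in parse(text):
        rec = report.setdefault(dev, {"infections": 0, "first_seen": None,
                                      "reinfected_after_reboot": False, "_rebooted": False})
        if kind == "imessage_attachment_received":
            pending[(dev, detail)] = (ts, False)
        elif kind == "network_connect":  # credit the call-out to fresh attachments on this device
            for key, (t0, _) in list(pending.items()):
                if key[0] == dev and ts - t0 <= WINDOW:
                    pending[key] = (t0, True)
        elif kind == "imessage_deleted":
            t0, saw = pending.pop((dev, detail), (None, False))
            if t0 is not None and saw and ts - t0 <= WINDOW:
                rec["infections"] += 1
                rec["first_seen"] = rec["first_seen"] or t0
                rec["reinfected_after_reboot"] |= rec["_rebooted"]
        elif kind == "reboot":  # a reboot only matters once the device has been infected
            rec["_rebooted"] = rec["infections"] > 0
    return {d: {k: v for k, v in r.items() if not k.startswith("_")} for d, r in report.items()}
```

Running `detect(SAMPLE_EVENTS)` reports two chains on dev-A with the second one after a reboot, one chain on dev-C, and nothing on dev-B, whose deleted attachment never produced a call-out.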
What is strange here is that Kaspersky Lab should know that any smartphone, and the iPhone above all, runs a completely closed proprietary operating system, is built around a completely proprietary processor, and contains communication chips from a number of American technology companies, and that all of these send complete statistics, including to American intelligence services, using programs whose code is obfuscated and practically impossible to analyze.
In my opinion, this is as clear as daylight to any more or less educated IT specialist. Why, then, make this noise about an unknown infection?
After all, it has been said many times that American intelligence agencies have direct access to all the statistics of any iPhone user: contacts, all messages, location, fingerprints since 2013 from the iPhone 5S onward, and even full biometrics, including the retina, captured using cunning lidars. And it was on these devices that the “independent, sovereign” Central Bank of the Russian Federation was going to build an anti-sanction digital ruble.
Well, if this is all a circus with 100% probability, then why the hype? Most likely, what is being discussed is a possible complete ban on the use of the iPhone by civil servants and employees of state enterprises, as well as of companies fulfilling government orders, that is, almost everyone. And after that they will declare it outright illegal...
Incidentally, this is not the first scandal involving unauthorized wiretapping of subscribers via Apple technology.