Russia says iPhones were hacked, blames U.S. - The Washington Post
source link: https://www.washingtonpost.com/technology/2023/06/01/russia-iphone-hack-kaspersky/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Russia says thousands of iPhones were hacked, blames U.S. and Apple
Apple denied the charge and Russia cybersecurity company Kaspersky Lab said it did not have enough data to blame any government
Russia’s Federal Security Service said Monday that several thousand iPhones in the country had been hacked in a recently discovered espionage campaign that it attributed to the U.S. government, without providing evidence.
Russian cybersecurity company Kaspersky Lab said the campaign had implanted file-stealing malware on iPhones of its employees who were running a year-old version of Apple’s mobile operating system, adding that it did not have enough evidence to blame any government or group for the breaches.
Kaspersky said it believed the infections began with an iMessage attachment without any user interaction, a vector similar to that used by Pegasus spyware vendor NSO Group and rivals that sell to government agencies around the world. A Kaspersky spokesperson told The Washington Post that researchers were still analyzing the campaign and did not have enough technical evidence to attribute it to anyone.
But the Federal Security Service (FSB) claimed that the effort ensnared thousands of victims, including diplomats stationed in that country; that the United States was behind it; and that the existence of the vulnerability showed that Apple had collaborated with U.S. government hackers.
Apple denied that charge, with a spokesperson proclaiming: “We have never worked with any government to insert a backdoor into any Apple product and never will.”
A Kremlin spokesman added that the government considered iPhones to be inherently unsafe.
The FSB said the hacked diplomats came from countries including China and Israel.
A Chinese official expressed concern.
“If what you cited is true, this will point to another example of the U.S. government’s cyber thefts on relevant countries including China,” said Liu Pengyu, a spokesman for the Chinese Embassy in Washington. “The U.S. must take seriously and respond to the concerns from the international community.”
An Israeli consular spokesperson declined to comment.
Kaspersky said none of the impacted devices were running an operating system more recent than iOS 15.7, which was superseded in September 2022, and none of them were running in Lockdown Mode, an optional setting that reduces the number of ways that iPhones can be attacked, including by limiting the functionality of iMessage.
A high-end government spying operation would more typically take advantage of an unpublicized flaw, known as a zero-day, that works even against fully up-to-date software. The devices of diplomats and private security experts are constant targets of international spying.
The U.S. Office of the Director of National Intelligence declined to comment.
Kaspersky did not publish much that would allow Apple to figure out what vulnerability was used, and it notified the company just overnight, hours before the FSB announced its conclusions.
The security firm, which often works with Russian authorities, did publish a list of obscure websites that had been used to communicate with the infected phones, as well as technical indicators of compromise that users could use to check their own devices.
Natalia Abbakumova contributed to this report.
An earlier version of this article gave an incorrrect date for when iOS 15.7 had been superseded. It was September 2022. The article has been corrected.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK