A previously unknown hardware feature has been hijacked to hack iPhones across the world

FSB accused Apple of siding with the NSA

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Apple’s iPhone seems to have shipped with some unknown hardware features which were then uncovered by hackers who found a way to exploit them in highly destructive zero-click attacks.

A new report from Kaspersky has outlined how roughly five years ago, it discovered a unique spyware targeting iPhone devices. They named the campaign “Operation Triangulation”, and after reverse-engineering the spyware and breaking down the campaign, Kaspersky found that the attackers chained four vulnerabilities to mount zero-click attacks.

As the name suggests, these attacks require no interaction from the victim’s side and can be used to steal sensitive data from the endpoint, run code remotely, or completely take over the device.

Reader Offer: Save up to 68% on Aura identity theft protectionTechRadar editors praise Aura’s upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal. Save up to 50% today.

Preferred partner (What does this mean?)

Zero click attacks

The four vulnerabilities being chained are tracked as CVE-2023-41990, CVE-2023-32434, CVE-2023-32435, and CVE-2023-38606. It’s the latter that’s particularly interesting because it targets MMIO (memory-mapped I/O) registers in Apple A12-A16 Bionic processors which are not listed in the DeviceTree.

“If we try to describe this feature and how the attackers took advantage of it, it all comes down to this: they are able to write data to a certain physical address while bypassing the hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware,” Kaspersky said in its report.

Right now, no one knows how or why these features ended up in the commercial version of the device.BleepingComputerreports that Russia’s intelligence service (FSB) accused Apple of building a backdoor for the NSA to use against the Russian government and embassy staff. It also speculated that the features were left out by mistake, and used in the development phase for debugging or hardware testing.

In any case, Apple addressed the issue by updating the device tree to restrict physical address mapping.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

TechRadar Pro has contacted Apple for comment.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption