Apple Installed A Backdoor To Help Infect iPhones In Russia With Spyware, Claims FSB

Apple always prides itself on the security and privacy it offers to iPhone users. However, after multiple security vulnerabilities were patched in older versions of the iOS operating system, questions have been raised about the company's intentions, by Russia.

Multiple versions of the iOS operating system, powering Apple iPhone devices around the world, had security flaws that were "actively exploited", admitted Apple Inc. These were primarily used to target Russian officials stationed in foreign countries, claimed Russia's FSB intelligence and security agency.

Apple iPhones Used As Attack Vectors By US To Target Russia, Claims FSB

Russia's FSB intelligence and security agency has claimed that Apple iPhone devices, vulnerable since 2019, were used to target Russian officials. These claims are based on the fact that Apple fixed three serious vulnerabilities in iOS.

The Kernel and WebKit vulnerabilities tracked as CVE-2023-32434 and CVE-2023-32435 were exploited in attacks to install Triangulation spyware on iPhones via iMessage zero-click exploits. Apple has admitted that these vulnerabilities may have been actively exploited against versions of iOS released before iOS 15.7.

Russia has claimed that Apple helped the American NSA (National Security Agency) by installing a backdoor to infect iPhones in Russia with spyware. The FSB has claimed that it found "thousands of infected iPhones belonging to Russian government officials and staff from embassies in Israel, China, and NATO member countries".

What Is Operation Triangulation?

Kaspersky published a report this week with additional details on an iOS spyware component. The used cybersecurity company claims these components were being used in "Operation Triangulation".

Kaspersky mentioned the attack impacted its Moscow office and employees in other countries. Some of the iPhones of the company's employees were infected with previously unknown spyware via iMessage zero-click exploits that exploited iOS zero-day bugs.

"The implant, which we dubbed TriangleDB, is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability. It is deployed in memory, meaning that all traces of the implant are lost when the device gets rebooted," observed Kaspersky.

"Therefore, if the victim reboots their device, the attackers have to reinfect it by sending an iMessage with a malicious attachment, thus launching the whole exploitation chain again. In case no reboot occurs, the implant uninstalls itself after 30 days, unless this period is extended by the attackers."

As expected, Apple has strongly denied involvement in any espionage campaign, let alone a state-sponsored attack on Russia. "We have never worked with any government to insert a backdoor into any Apple product and never will," said an Apple spokesperson.

Apple has patched multiple security vulnerabilities and added improved checks, input validation, and state management. It is, however, concerning to note that since January, Apple has patched a total of 9 zero-day vulnerabilities. Moreover the zero-day affects older and newer models of iPhones, Macs, and even Apple Watch.

Most of these flaws were "actively exploited in the wild" to compromise iPhones, Macs, and iPads. Hence, it is critical to keep smartphones, tablets, and computers from Apple and other manufacturers updated with the latest security and quality patches.