Crackers exploited iPhones’ secret function to spy on users, Kaspersky discovers

A Kaspersky discovered last June a four-year-old attack that affected thousands of users around the world. The invaders used the iMessage to install spy programs on iPhones, capturing microphone recordings and sensitive photos.

After thoroughly analyzing the Triangulationthe company confirmed today that the crackers actually used a “hidden” feature in the iPhone hardware — which was unknown even to many technology experts.

Also according to Kaspersky, it is believed that the “secret” function may have been intended for testing or debugging (debug) by Apple engineers. However, some questions are unanswered — about how crackers discovered this feature, for example.

Who is behind the attacks is also (still?) a mystery. Initially, Russian officials pointed the finger at the United States National Security Agency, a claim denied by both Kaspersky and Apple.

According to the technology company, the crackers used a complex chain of exploitstaking advantage of four zero-day vulnerabilities (zero-day) in Apple systems [1, 2, 3, 4]including holes in fonts, the iPhone core and even Safari.

The good part about this is that Apple has fixed these vulnerabilities. Still, Kaspersky’s discovery highlights the nature of threats and reinforces the need to remain vigilant against the most sophisticated attacks.

via Ars Technica