Article Details

Original Article Text

Kaspersky reveals previously unknown hardware 'feature' used in iPhone attacks. 'This is no ordinary vulnerability,' sec pros explain.

Kaspersky's Global Research and Analysis Team (GReAT) has exposed a previously unknown 'feature' in Apple iPhones that allows attackers to bypass hardware-based memory protection. Addressed in CVE-2023-38606, which was patched in July 2023, the issue affected iPhones running iOS versions up to 16.6, according to the cybersecurity outfit.

Kaspersky reckons the hardware feature might have been intended for testing or debugging. Certainly, the GReAT gang couldn't find any public documentation on it, which meant the attack vector proved tricky to detect and analyze using the team's usual tools. According to Kaspersky, "The attackers leveraged this hardware feature to bypass hardware-based security protections and manipulate the contents of protected memory regions."

Researchers had to reverse-engineer the device to track down the vulnerability. Particular attention was paid to Memory-Mapped I/O (MMIO) addresses used for communication between the CPU and other devices. The problem was that the attackers used unknown MMIO addresses to bypass hardware-based kernel protection. Therefore, the team had to pick through the hardware, firmware, and kernel images to work out what was going on.

"This is no ordinary vulnerability," said Boris Larin, Principal Security Researcher at Kaspersky's GReAT. "Due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming, requiring a comprehensive understanding of both hardware and software architectures. What this discovery teaches us once again is that even advanced hardware-based protections can be rendered ineffective in the face of a sophisticated attacker, particularly when there are hardware features that allow bypassing these protections."
The vulnerability played a critical role in the "Operation Triangulation" campaign earlier this year, which allowed attackers to gain access to targeted devices, deploy spyware, and snoop user data. Kaspersky informed Apple about the exploitation of the hardware feature, which was swiftly mitigated. However, as Larin observed, all the hardware protections in the world won't help if somebody leaves in an undocumented something that allows those protections to be bypassed. 'Security through obscurity' just doesn't cut it anymore.

Daily Brief Summary

NATION STATE ACTIVITY // Sophisticated iPhone Vulnerability Uncovered by Kaspersky Researchers

Kaspersky's Global Research and Analysis Team discovered an unknown hardware 'feature' in iPhones that allowed attackers to bypass memory protection.

The vulnerability, tracked as CVE-2023-38606, affected iPhones up to iOS 16.6 and has been patched since July 2023.

It is believed that this hardware feature was intended for testing or debugging purposes but was undocumented, making it a subtle attack vector.

The issue involved the use of unknown Memory-Mapped IO addresses to circumvent the kernel's hardware-based protection.

The discovery process was particularly challenging due to the complexity and closed nature of the iOS ecosystem, requiring extensive reverse-engineering of hardware and software.

The flaw was pivotal in "Operation Triangulation," a cyber campaign that included deploying spyware and harvesting user data from targeted devices.

Kaspersky notified Apple of the exploitation, which led to a swift mitigation of the vulnerability.

The case exemplifies how advanced hardware protections can be compromised by sophisticated attacks, especially when "security through obscurity" fails to obscure exploitable flaws.