Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

A previously unknown hardware feature has been hijacked to hack iPhones across the world

IPhone 15 foreground Google Pixel 8 Pro background.

Apple’s iPhone seems to have shipped with some unknown hardware features which were then uncovered by hackers who found a way to exploit them in highly destructive zero-click attacks. 

A new report from Kaspersky has outlined how roughly five years ago, it discovered a unique spyware targeting iPhone devices. They named the campaign "Operation Triangulation", and after reverse-engineering the spyware and breaking down the campaign, Kaspersky found that the attackers chained four vulnerabilities to mount zero-click attacks.

As the name suggests, these attacks require no interaction from the victim’s side and can be used to steal sensitive data from the endpoint, run code remotely, or completely take over the device.

Zero click attacks

The four vulnerabilities being chained are tracked as CVE-2023-41990, CVE-2023-32434, CVE-2023-32435, and CVE-2023-38606. It’s the latter that’s particularly interesting because it targets MMIO (memory-mapped I/O) registers in Apple A12-A16 Bionic processors which are not listed in the DeviceTree.

"If we try to describe this feature and how the attackers took advantage of it, it all comes down to this: they are able to write data to a certain physical address while bypassing the hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware," Kaspersky said in its report.

Right now, no one knows how or why these features ended up in the commercial version of the device. BleepingComputer reports that Russia's intelligence service (FSB) accused Apple of building a backdoor for the NSA to use against the Russian government and embassy staff. It also speculated that the features were left out by mistake, and used in the development phase for debugging or hardware testing. 

In any case, Apple addressed the issue by updating the device tree to restrict physical address mapping.

TechRadar Pro has contacted Apple for comment.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.