You make it sound like big tech companies never cooperate with the law enforcement. I bet CIA and FBI have their hand so far up Zuck’s ass it’s almost like Minority Report at this point.
I'm not even sure which SCO is under discussion here, the unix one, Pakistan's "Special Communications Organization", the Shanghai Cooperation Organisation, or if Scotland is up to something surprising, or if it's one of several "State Controller's Office" and "Special Counsel's Office" in the USA…
I mean, unless you live in Middle East and one day they say you have WMD and they destroy your whole country. If you live in the EU or the US - then yes.
Unlike you, I actually lived in Russia and I can tell with 100% certainty that it's a bs narrative that was used to build up Putin support based on confrontation with the "west".
I mean, I'm not supporting Russia's actions here, I'm saying the US (mainly) are just a bad an actor. They're essentially fighting a war with Russia (as their warmongers and military complex love to tell their shareholders about), Ukraine is just the pawn in the middle.
I should have said 'towards' the border, not 'on.' My bad.
You are twisting the history. It was russia that attacked Ukraine in 2014 and occupied Crimea and half of Donetsk and Luhansk regions without any slightest provocation from Ukraine side. 2022 invasion is merely an episode in this war that goes for 9 years already.
It would be nice if history was so black and white, wouldn't it?
Ukraine was full of conflict between pro Russia and pro-EU well before that war. It was a complicated political environment.
The invasion was not, and never is, justified, but let's not pretend Putin woke up one day, threw a dart at the dartboard and decided to invade that place.
> It would be nice if history was so black and white, wouldn't it?
Good thing that history is that black and white this time, this is as black and white as WW2.
> The invasion was not, and never is, justified, but let's not pretend Putin woke up one day, threw a dart at the dartboard and decided to invade that place.
Moreover, NATO and Russia signed a treaty greenlighting NATO enlargement before any official talks with former Warsaw Pact countries started, so whatever was allegedly said or heard prior to that is irrelevant anyway.
>> I'm not supporting Russia's actions here
You are, whether you recognize it or not. Your contrarian take is a made up narrative to justify the war. Makes you feel smarter than the rest while advancing Russian interests and blaming victims for crimes against them.
I don't put much credence in an interview where the guy just says "I know nussink" vs the documented evidence that it did.
No I'm not supporting Russia here, I'm saying they were not just acting "out of nowhere," they are playing the same geopolitical war games (and now actual war), as the US is, but the US are pretending they're absolutely the good guys (i.e. pretending they want peace) while shovelling coal into the fire top speed.
It's a war between Russia and NATO/US, Ukraine just happens to hold shared interests and is now sadly in the middle of this disaster of big boys beating chests.
And that is the wrong question to ask. It is not a binary option. It's not even a scale. It is dependent on the circumstances of the moment. Right now, who is the one invading another country?
You’re saying this as if moving the NATO border towards Russia wasn’t going to have any consequences. Everyone realized this and willfully chose the path of confrontation. NATO was created against USSR and Russia is a USSR successor.
Was there a NATO country that condemned Iraq invasion and imposed sanctions? Like banning McDonalds or UPS from doing business there? Most of them participated in the invasion one way or another, did they not?
Do you have any sources for this? I'm interested in reading more about it after seeing a lot of allegations. I don't recall ever seeing anything concrete.
Literally one google search gave me this.[1] You could have saved a lot of time writing "Kaspersky FSB GRU" in google than writing this comment to someone to cite their sources.
Could you quote a paragraph from that article that supports the claim
> Kaspersky was spying on international citizens for over a decade, providing data for both the FSB and GRU.
I read it through twice and aside from implication the strongest assertion was that Bloomberg had seen emails that confirmed Kaspersky had worked with the FSB to supply anti-DDOS systems that included counter measures (the ability to hack and disrupt hackers attacking systems) which wasn't denied by Kaspersky who maintained they do similar work with many governments and their 3-letter-agencies.
There's apparently an entire wiki on the subject and again it's mostly speculation, misunderstanding (ie, in the NSA case), or as you said misrepresenting what was essentially a pretty innocuous defensive gov contract by an infosec company.
I was surprised at how low it was on the front page, and how quickly it disappeared. But I never saw a "flagged" indicator on it. I thought that flagged posts typically had these indicators — is this not the case?
The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.
> We believe that the main reason for this incident is the proprietary nature of iOS. This operating system is a “black box”, in which spyware like Triangulation can hide for years. Detecting and analyzing such threats is made all the more difficult by Apple’s monopoly of research tools – making it a perfect haven for spyware. In other words, as I’ve often said, users are given the illusion of security associated with the complete opacity of the system. What actually happens in iOS is unknown to cybersecurity experts, and the absence of news about attacks in no way indicates their being impossible – as we’ve just seen.
Shatters Apple's argument that all of these hurdles are better for security. I wonder if testimony like this could affect any of their antitrust lawsuits or right to repair lobbying.
Not "shatters", as while it is a valid counter, it doesn't tell you the relative strengths and weaknesses of the two approaches, only that Apple isn't perfect which should already have been assumed.
A stronger counter to Apple's argument is the relative pricing of exploits… but the story I'm remembering is old enough that I don't want to just assume it's still true, even though it's near the top of my search results:
> It's absurd to say a company should not blow the whistle on a sophisticated attack when that companys job is just that!
They should definitely do it.
They should also acknowledge that they did a shoddy job. They let the malware run unchecked for several years. It is clear that the safeguards they had in place did not work, not for protection, but especially for detection.
Instead, they chose to boost the image of their own products and bash a third party vendor with a questionable reasoning.
It doesn't really shatter anything does it? People here are going to understand that there are trade-offs to every decision made.
I suspect iOS is not worse than the more open Android simply because senior management at Kaspersky are using iPhones. If anybody is choosing their platform with security in mind, it has to be them and they are going with iOS.
And on that same page it says the Android version didn’t even require an exploit. The sneakiest thing that was required on Android was to write the word “Samsung” on the app icon so that users would click it.
Near the end, they say:
> This campaign is a good reminder that attackers do not always use exploits to achieve the permissions they need.
Because they were deceived by Apple's quality promises?
If Apple really wanted to improve security (instead of just producing marketing claims about it) they would provide anyone with debugging symbols, root privileges and anything else needed for research and debugging.
It's entirely rational to have believed iPhone to be more secure in the past, now believe Android is more secure, and yet remain on iPhone:
1. At some point, weigh probabilities of exploits
2. Update Bayesian priors as new evidence arrives
3. Even if the initial decision currently appears incorrect, there needs to be a high enough difference in probability to justify switching, because in switching, you're still exposed to any persistent exploitation via the old exploits plus new exploits on the new platform
Switching back and forth the instant your Bayesian prior swings over/under 50% for Android being more secure than iPhone is a terrible strategy. (Also, you need to risk-weight your various exploit probabilities... security is a multidimensional quantity, so collapsing to a scalar is at least context-/threat-model-dependent.)
They knew all along it was closed source, but that doesn't mean they believed all along (or at least were confident enough in their belief) that closed source resulted in higher risk of extant exploitable flaws.
Sure, I think a lot of people would think about it this way - but that just means they don’t have any real expertise.
Kaspersky says:
“We believe that the main reason for this incident is the proprietary nature of iOS.”
If the proprietary nature is the main reason for the incident, then Android should have been overwhelmingly more secure all along, and they should know this.
If they are only just figuring this out now, then they have been ludicrously ignorant for people who claim to be experts.
Occam’s razor says they really aren’t as expert as their marketing claims and they are trying to save face by blaming Apple.
Given that the Kremlin is blaming Apple and the NSA, perhaps Kaspersky is trying to deflect blame for not having warned Russian diplomats about the issue.
I feel this is likely going to devolve into a semantic argument over the true definition of real expertise. A key sticking point will likely be volume of a priori knowledge vs. skill in acquiring and synthesizing knowledge.
The issue is their claim that the cause was the proprietary nature of iOS.
This is inconsistent with their claims of expertise.
That’s the issue. I believe the claim isn’t being made because they are experts or because it is true, but rather to deflect blame for marketing and political reasons.
So, they discover a vulnerability in ios and publish the details of the symptoms of the exploit -- something that Apple themselves were unaware --, release a tool to detect indicators of compromise in iphone backups and yet, somehow they have poor judgment?
What should they be doing? Keep the discovery to themselves so those who claim iPhone is secure can continue living obliviously with their worldview unchanged? Wouldn't we accuse them of poor judgment if they did that?
It is quite reasonable for them to say the ecosystem being closed is making analysis and detection difficult. It is up to Apple to do what they want with that information.
If I'm understanding the GP correctly, they're asserting that any "real expert" would have anticipated being exploited on iPhone and would never have used iPhone.
I can see this point of view, but I feel expertise is more about skill in acquiring information and updating beliefs. In my view, real experts can be blatantly wrong, even about foundational facts, if they have an exceptional ability to update those beliefs.
It issue is that their claim that the cause of the exploit is the propriety OS, is both not plausible (because otherwise Android would be far more secure than iOS), and is inconsistent with their alleged expertise.
It’s entirely possible that they are experts, but are making making a claim that is not based on their expertise, for reasons of political and marketing expediency.
No expertise is needed to say any os/device is likely to suffer an attack/exploit. Anyone who says that for any platformwill be right with a probability of 1.0
> Shatters Apple's argument that all of these hurdles are better for security.
Sorry I don't buy that this "shatters" anything besides peoples misguided assumptions that anything can be perfectly secure without being fully disconnected.
Apple's iOS 16 supports iphone 8 which was released in 2017, 5 years ago.
Apple's iOs 15 supported iphone 6 which was released in 2015, 7 years ago.
> Samsung’s previous promise to provide three years of upgrades and ensures millions of Galaxy users have access to the latest features for security, productivity, visual experience and more, for as long as they own their device.
> Samsung will now provide up to five years of security updates to help protect select Galaxy devices
They do mention 5 years of updates but only for _select_ galaxy devices (presumably the top of the line).
---
I am assuming anyone rooting/flashing is taking way more risks and security concerns into their own hands. But in length of support/security updates alone apple is winning.
I also wonder how long it actually takes a vulnerability patch (let's say for a zero day) to get out on android and then through OEM security updates. (I haven't been android in too long to know this.) Apple actually just released a way for them to do this and have already used it once, they call it "Rapid Security Responses" (which you can switch off although idk why you would).
Indeed, the identified fix involves a factory reset and upgrading iOS to prevent the malware from taking over again.
That provides a simple explanation for why the phones are running such an old version: because they've been infected and unable to be updated for that entire time.
I guess execs at security firms are no better than average people when it comes to noticing that their phones never got the various new features (end emojis!) from the last year of OS updates.
> We have developed and made freely available the triangle_check utility, that can detect indicators of compromise in an Apple device backup. Detailed instructions on how to use it under different OSs (Windows, Linux and macOS), as well as how to create a device backup can be found in a post on Securelist. [1]
That one of the bigger security companies seemingly didn't have MDM screaming bloody murder or outright blocking authentication for an endpoint this out of date is more than a little concerning.
Props to their SIEM for detecting it in the end, but this seems like it could've been detected and remediated a few weeks in (assuming it didn't also have the ability to spoof the iOS version).
> We identified that the latest version of iOS that was targeted by Triangulation is 15.7. However, given the sophistication of the cyberespionage campaign and the complexity of analysis of iOS platform, we can’t guarantee that other versions of iOS are not affected.
I guess everyone at Kaspersky knew the risk of an attack was non-zero given their industry profile. Their SIEM finally caught it, albeit it is arguable if the detection was timely and as others in the thread have pointed out, their MDM should have detected the upgrade failures or version issues. We will probably hear about it in the detailed paper/presentation later.
Their rant on the closed nature of the ios ecosystem is more around Apple's hold on the research tools. That is what I took from the statement, among other things.
Right you can turn off getting any messages entirely and deregister your phone from their network. I believe what I was remembering was you can't swap out the primary SMS receiving app like you can on Android. Unless something changed. Not everyone like's to live in a security bubble w/o phone access, even the security minded.
There is a switch in the Settings app to disable iMessage and just use SMS. This is an option for the built in messaging app, no need to “swap” or install another app.
So basically still using iMessage software just for SMS? I guess this could provide some better sense of security given the parsers are the main issue.
Actually, Apple should consider making iMessage open source.
Given it is such a popular attack vector, it probably benefits the ios ecosystem to take the benefit of open source scrutiny. There are other messaging apps like Signal, WhatsApp, Telegram etc., So, it is not like a copycat would suddenly emerge and threaten Apple's position. Apple hold the keys to the app store anyway and can review any potential copycat (supposedly malicious one) and prevent it from being released.
> users are given the illusion of security associated with the complete opacity of the system. What actually happens in iOS is unknown to cybersecurity experts, and the absence of news about attacks in no way indicates their being impossible
For this to change the community needs to create the needed tools. I don't think Apple will ever help you with something that can potentially make them look bad.
Theoretically yes. However, the chance of you encountering a second hand device with such an implant is relatively low I'd say.
I guess if you buy it off journalists or activists the chance would be higher but still relatively unlikely. But as with anything, consider if it suits your threat model and act accordingly.
hardware modifications definitely can. A few years ago I've read ([0] - the article is in russian but google translate does its job) about hardware bugs installed in iphones - with a mic and an own SIM card, everything is powered from the phone's battery.
Didn’t read the article, because on my oldish phone the cookie options defaulted to disallowing necessary cookies and allowing all others. I’m fairly confident this is a bug
tl;dr - malicious state and private threat actors can at any time completely take over your iphone (root access) with an invisible iMessage without you having a practical chance to detect it besides scanning your iphone backup
how is this generally possible? In my simplified understanding, a text message is a hunk of data, but I know it's more complex than that.... it must be able to connect to all kinds of services and trigger all kinds of code running, right? Can't it be sanity checked sufficiently?
Apparently, it uses iMessage's proprietary messaging format, not standard text messages. I don't use iOS but my understanding is users can't replace iMessage with another messaging app.
> my understanding is users can't replace iMessage with another messaging app.
To be precise there is one "Messaging" app, that automagically uses iMessage (blue bubbles) instead of SMS (green bubbles) whenever possible. One can turn off iMessage in the settings, which will probably lead to your iPhone rejecting iMessages, making other iPhones only send SMS to you and also make your iPhone only send SMS. Whether that toggle prevents receiving and processing of malicious, invisible iMessages is an entirely different question.
Even if it would be a simple text message (which its not for iphone), it triggers a text parser at minimum. That parser can have carious bugs in it, ie if parser checks phone contacts to highlight phone number in text as a known contact, identifies some weblink etc.
To sum it up to have it as fancy as possible to users it checks various things and needs permissions for that. Enough 0days in the chain and you can do whatever you need.
This is the problem of closed systems, you have to trust manufacturer 100%, there is no independent audit possible. And if you ever did any serious code before, you know by heart that any code has bugs, in the code, in platform/VM it runs, apis etc.
They said it can infect iOS 15.7. I just looked and it appears 15.7.1 was released 10/27/22. And the malware apparently quietly blocks OS updates and can survive full hardware resets.
If you were fully updated to the latest iOS last October and got infected, it would keep you infected. They also said they found the malware has been deployed in the wild since at least 2019 and this is the first discovery o. f it. And it appears to be a fully remote, stealth infection against all iPhones.
I'm no expert on security (or iOS) but it sounds pretty much like worst case to me.
> What actually happens in iOS is unknown to cybersecurity experts
Sounds like a skill issue to me. I'll eat my words if they were genuinely infected with something that lingered in such a way that it persisted past a reboot and completely broke all updates, but I would be very surprised if this was the case.
Why would an actor with a reliable zero-click need to persist past a reboot? That appears to be the claim in the article, update blocking plus on-demand reinfection.
"An indirect indication of the presence of Triangulation on the device is the disabling of the ability to update iOS"
My guess would be that they didn't find out thanks to their monitoring solution, but because some senior manager shouted pretty loudly at someone to get their iPhone to update, asap! :)
128 comments
[ 3.0 ms ] story [ 194 ms ] thread...and now they're complaining about counter surveillance by the FBI?
But you as a founder decide whose values of the surrounding society you align your company with.
In an autocratic nation these controls are kind of absolutist in nature, whereas in democracies you have at least some sense of oversight.
Given the mechanics of the game, where you reside your company tells a lot about who you're friends with.
These days on a larger scale there's basically NATO, SCO, UAE, Israel and the African Union as alliances (setting aside (former) British colonies).
Companies have to cooperate with either of those, otherwise they would not be allowed to exist.
Which one's the good one?
Among that list, NATO is by far the preferred option.
It was a trick question, none of them are good.
It's not NATO's fault that all the small countries around Russia are so scared of Russian forces that they all ask to join a mutual defence pact.
Now nearing borders appears motivated more by Russia's bullying of its neighbors than any desire within NATO to expand.
Maybe you're forgetting the protection treaty Russia signed to respect Ukraine's borders in exchange for USSR nukes.
Does NATO even have a border with the counties member states invaded in the past three or so decades? Except Yugoslavia.
https://nsarchive.gwu.edu/briefing-book/russia-programs/2017...
I mean, I'm not supporting Russia's actions here, I'm saying the US (mainly) are just a bad an actor. They're essentially fighting a war with Russia (as their warmongers and military complex love to tell their shareholders about), Ukraine is just the pawn in the middle.
I should have said 'towards' the border, not 'on.' My bad.
It would be nice if history was so black and white, wouldn't it?
Ukraine was full of conflict between pro Russia and pro-EU well before that war. It was a complicated political environment.
The invasion was not, and never is, justified, but let's not pretend Putin woke up one day, threw a dart at the dartboard and decided to invade that place.
This provoked Russia to invade how?.
> It would be nice if history was so black and white, wouldn't it?
Good thing that history is that black and white this time, this is as black and white as WW2.
> The invasion was not, and never is, justified, but let's not pretend Putin woke up one day, threw a dart at the dartboard and decided to invade that place.
Then what happened?.
I bet if I asked you why WW1 started you’d say it’s because a Serb assassinated an Austrian.
Not according to direct participants like the foreign minister of the USSR. https://www.spiegel.de/international/europe/interview-with-e...
Moreover, NATO and Russia signed a treaty greenlighting NATO enlargement before any official talks with former Warsaw Pact countries started, so whatever was allegedly said or heard prior to that is irrelevant anyway.
>> I'm not supporting Russia's actions here
You are, whether you recognize it or not. Your contrarian take is a made up narrative to justify the war. Makes you feel smarter than the rest while advancing Russian interests and blaming victims for crimes against them.
No I'm not supporting Russia here, I'm saying they were not just acting "out of nowhere," they are playing the same geopolitical war games (and now actual war), as the US is, but the US are pretending they're absolutely the good guys (i.e. pretending they want peace) while shovelling coal into the fire top speed.
It's a war between Russia and NATO/US, Ukraine just happens to hold shared interests and is now sadly in the middle of this disaster of big boys beating chests.
Hence my comment, who's the good guy...
https://www.nato.int/cps/en/natohq/topics_8189.htm
Not sure why the downvotes, this is literally the one and only time in NATO's history that Article 5 has been invoked https://en.wikipedia.org/wiki/North_Atlantic_Treaty#Septembe...
Can you give some examples of oversight ?
Plenty of security disclosures are matter of fact and not loaded with opinion and innuendo.
[1]https://www.bloomberg.com/news/articles/2017-07-11/kaspersky...
> Kaspersky was spying on international citizens for over a decade, providing data for both the FSB and GRU.
I read it through twice and aside from implication the strongest assertion was that Bloomberg had seen emails that confirmed Kaspersky had worked with the FSB to supply anti-DDOS systems that included counter measures (the ability to hack and disrupt hackers attacking systems) which wasn't denied by Kaspersky who maintained they do similar work with many governments and their 3-letter-agencies.
https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations...
It makes sense for western governments to be wary of using it but going beyond that is just speculation at this point.
> Kaspersky was spying on international citizens for over a decade, providing data for both the FSB and GRU.
You linked a news article that states:
> The U.S. government hasn’t identified any evidence connecting Kaspersky Lab to Russia’s spy agencies
Maybe more evidence will be uncovered by the (alleged) targeted attack against Kaspersky though.
I'm interested in the technology created to perform these activities more than the politics surrounding it. How they do it, not why.
https://news.ycombinator.com/item?id=36154455
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware - 26 comments
The oldest traces of infection that we discovered happened in 2019. As of the time of writing in June 2023, the attack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.
> We believe that the main reason for this incident is the proprietary nature of iOS. This operating system is a “black box”, in which spyware like Triangulation can hide for years. Detecting and analyzing such threats is made all the more difficult by Apple’s monopoly of research tools – making it a perfect haven for spyware. In other words, as I’ve often said, users are given the illusion of security associated with the complete opacity of the system. What actually happens in iOS is unknown to cybersecurity experts, and the absence of news about attacks in no way indicates their being impossible – as we’ve just seen.
A stronger counter to Apple's argument is the relative pricing of exploits… but the story I'm remembering is old enough that I don't want to just assume it's still true, even though it's near the top of my search results:
https://www.wired.com/story/android-zero-day-more-than-ios-z...
https://zerodium.com/program.html
You can sell an iOS exploit for more because the people you're targeting with it are generally wealthier.
If you could sell it for more, but it seems you can't sell it for more.
This implies a large supply of zero-days competing with each other on price.
Endpoint protection solutions can be installed in iOS devices. The device could also be wiped clean, eliminating the malware.
The latter should not be much of an issue in any serious organization. If any executive keeps critical data in a phone, that is already an issue.
The former is a hassle, but I have had to use locked down iPhones before, and the tradeoffs are still better than facing an intrusion.
The vulnerability and the vector could also have been present in a different form in Android devices.
All in all, I don't think this is the response Kaspersky should have come forward with.
I've not idea to what extent it's possible to have a durable trojan on iOS (probably only the makers of such trojans do know).
It's absurd to say a company should not blow the whistle on a sophisticated attack when that companys job is just that!
They should definitely do it.
They should also acknowledge that they did a shoddy job. They let the malware run unchecked for several years. It is clear that the safeguards they had in place did not work, not for protection, but especially for detection.
Instead, they chose to boost the image of their own products and bash a third party vendor with a questionable reasoning.
How does "endpoint protection solution" protect from 0-day exploits? I guess it can do that only in marketing materials, not in reality.
This malware was running and spreading for years. It is actually surprising that it took a security company like Kaspersky so long to detect it.
I suspect iOS is not worse than the more open Android simply because senior management at Kaspersky are using iPhones. If anybody is choosing their platform with security in mind, it has to be them and they are going with iOS.
Near the end, they say:
> This campaign is a good reminder that attackers do not always use exploits to achieve the permissions they need.
Why are Kaspersky's management using iPhones?
If Apple really wanted to improve security (instead of just producing marketing claims about it) they would provide anyone with debugging symbols, root privileges and anything else needed for research and debugging.
The point being, with Kaspersky as security experts, it really does call into question their judgement and expertise.
They aren’t just claiming it’s because of this one exploit or some exploit stats - they are making the claim that it’s because it’s not open source.
Since they knew this all along, we can conclude that they have poor judgment.
Kaspersky says:
“We believe that the main reason for this incident is the proprietary nature of iOS.”
If the proprietary nature is the main reason for the incident, then Android should have been overwhelmingly more secure all along, and they should know this.
If they are only just figuring this out now, then they have been ludicrously ignorant for people who claim to be experts.
Occam’s razor says they really aren’t as expert as their marketing claims and they are trying to save face by blaming Apple.
Given that the Kremlin is blaming Apple and the NSA, perhaps Kaspersky is trying to deflect blame for not having warned Russian diplomats about the issue.
This is inconsistent with their claims of expertise.
That’s the issue. I believe the claim isn’t being made because they are experts or because it is true, but rather to deflect blame for marketing and political reasons.
What should they be doing? Keep the discovery to themselves so those who claim iPhone is secure can continue living obliviously with their worldview unchanged? Wouldn't we accuse them of poor judgment if they did that?
It is quite reasonable for them to say the ecosystem being closed is making analysis and detection difficult. It is up to Apple to do what they want with that information.
I can see this point of view, but I feel expertise is more about skill in acquiring information and updating beliefs. In my view, real experts can be blatantly wrong, even about foundational facts, if they have an exceptional ability to update those beliefs.
It’s entirely possible that they are experts, but are making making a claim that is not based on their expertise, for reasons of political and marketing expediency.
Sorry I don't buy that this "shatters" anything besides peoples misguided assumptions that anything can be perfectly secure without being fully disconnected.
Apple's iOS 16 supports iphone 8 which was released in 2017, 5 years ago. Apple's iOs 15 supported iphone 6 which was released in 2015, 7 years ago.
> Samsung’s previous promise to provide three years of upgrades and ensures millions of Galaxy users have access to the latest features for security, productivity, visual experience and more, for as long as they own their device.
https://news.samsung.com/us/samsung-galaxy-os-upgrade-one-ui...
They only _just_ changed to 4 years, last year.
> Samsung will now provide up to five years of security updates to help protect select Galaxy devices
They do mention 5 years of updates but only for _select_ galaxy devices (presumably the top of the line).
---
I am assuming anyone rooting/flashing is taking way more risks and security concerns into their own hands. But in length of support/security updates alone apple is winning.
I also wonder how long it actually takes a vulnerability patch (let's say for a zero day) to get out on android and then through OEM security updates. (I haven't been android in too long to know this.) Apple actually just released a way for them to do this and have already used it once, they call it "Rapid Security Responses" (which you can switch off although idk why you would).
https://support.apple.com/en-us/HT204204
Also: iOS 16 is not vulnerable and it was released on September 12, 2022 - why are those phones out of date for so long?
>An indirect indication of the presence of Triangulation on the device is the disabling of the ability to update iOS.
So I assume that the malware stops working when iOS is updated. This highlights the tremendous importance of keeping software up to date.
This is done by the malware.
Indeed, the identified fix involves a factory reset and upgrading iOS to prevent the malware from taking over again.
That provides a simple explanation for why the phones are running such an old version: because they've been infected and unable to be updated for that entire time.
> June 02 2023 Update: triangle_check utility
> We have developed and made freely available the triangle_check utility, that can detect indicators of compromise in an Apple device backup. Detailed instructions on how to use it under different OSs (Windows, Linux and macOS), as well as how to create a device backup can be found in a post on Securelist. [1]
[1]: https://securelist.com/find-the-triangulation-utility/109867...
Props to their SIEM for detecting it in the end, but this seems like it could've been detected and remediated a few weeks in (assuming it didn't also have the ability to spoof the iOS version).
<extract>
> SECURELIST
> Posted on June 2, 2023. 11:10 am
> Hi Bil!
> We identified that the latest version of iOS that was targeted by Triangulation is 15.7. However, given the sophistication of the cyberespionage campaign and the complexity of analysis of iOS platform, we can’t guarantee that other versions of iOS are not affected.
</extract>
Their rant on the closed nature of the ios ecosystem is more around Apple's hold on the research tools. That is what I took from the statement, among other things.
But you are correct that you cannot switch to a different SMS/MMS app.
Given it is such a popular attack vector, it probably benefits the ios ecosystem to take the benefit of open source scrutiny. There are other messaging apps like Signal, WhatsApp, Telegram etc., So, it is not like a copycat would suddenly emerge and threaten Apple's position. Apple hold the keys to the app store anyway and can review any potential copycat (supposedly malicious one) and prevent it from being released.
For this to change the community needs to create the needed tools. I don't think Apple will ever help you with something that can potentially make them look bad.
Is this true? I thought a hard reset and secure enclave etc. was enough? Can you put "stuff" in it that survives to a new user?
I guess if you buy it off journalists or activists the chance would be higher but still relatively unlikely. But as with anything, consider if it suits your threat model and act accordingly.
[0] https://service-iphone.ru/blog/proslushka-v-iphone-teper-bez...
To be precise there is one "Messaging" app, that automagically uses iMessage (blue bubbles) instead of SMS (green bubbles) whenever possible. One can turn off iMessage in the settings, which will probably lead to your iPhone rejecting iMessages, making other iPhones only send SMS to you and also make your iPhone only send SMS. Whether that toggle prevents receiving and processing of malicious, invisible iMessages is an entirely different question.
To sum it up to have it as fancy as possible to users it checks various things and needs permissions for that. Enough 0days in the chain and you can do whatever you need.
This is the problem of closed systems, you have to trust manufacturer 100%, there is no independent audit possible. And if you ever did any serious code before, you know by heart that any code has bugs, in the code, in platform/VM it runs, apis etc.
If you were fully updated to the latest iOS last October and got infected, it would keep you infected. They also said they found the malware has been deployed in the wild since at least 2019 and this is the first discovery o. f it. And it appears to be a fully remote, stealth infection against all iPhones.
I'm no expert on security (or iOS) but it sounds pretty much like worst case to me.
Only the top of the iceberg is being visible to public if not less.
Sounds like a skill issue to me. I'll eat my words if they were genuinely infected with something that lingered in such a way that it persisted past a reboot and completely broke all updates, but I would be very surprised if this was the case.
My guess would be that they didn't find out thanks to their monitoring solution, but because some senior manager shouted pretty loudly at someone to get their iPhone to update, asap! :)
We're just bloody tired okay?!? Every fing weekend every fking day it's a new 0day and exploit and attack surface.
And then the new patch breaks production or the new edr throws up a storm because someone had the audacity to run psexec or some other bullcrap
/Overworked blue teamer rant