How to Secure Your iPhone Against iMessage Vulnerabilities

Have you heard about the Operation Triangulation attacks that targeted iPhones from 2019-2023? According to Kaspersky, a somewhat controversial Russian cybersecurity software company, Operation Triangulation is a previously known hardware vulnerability in iPhones that was exploited through iMessage by sophisticated cybercriminals.
Kaspersky itself was targeted by this incredibly sophisticated attack. Their researchers conducted extensive analysis to understand and report the attack to Apple. The threat has been eliminated thanks to a recent iOS update. But there are lessons to be learned from this complex and initially successful cyberattack.
Here’s what Kaspersky says…
After detecting an attack on their own devices, Kaspersky’s researchers discovered the vulnerability in the Apple System-on-a-Chip (SoC). It allowed hackers to bypass hardware-based memory protections on iOS versions up to 16.6.
If this attack had been widespread, it would have had the potential to affect millions of phones worldwide.
The iMessage vulnerability may have been originally intended for testing and debugging. But cybercriminals could take advantage of it to gain full control over any iPhone they target.
Some key details:
- Attackers leveraged this vulnerability to bypass memory protections
- Cybersecurity experts found it challenging to detect because it was not publicly documented
- Kaspersky’s hardware and software technologists had to reverse engineer the iPhone’s hardware/software integration to find and identify the issue
- Kaspersky informed Apple about the vulnerability. Check out this video from Kaspersky to learn more about the attack and how they discovered it
- The iOS update that fixed CVE-2023-38606 addressed the problem
Who were the victims of Operation Triangulation?
Kaspersky was the first identified target of Operation Triangulation, but they don’t believe they were the only ones.
Vulnera, an American cybersecurity firm that focuses on identifying and dismantling software and hardware vulnerabilities, wrote in their report on Operation Triangulation that:
- Initial infections were first seen on dozens of iOS devices on Kaspersky’s network
- Kaspersky believes it was not the sole target and is working with CERTs to understand its broader scope
- Russia’s FSB alleged thousands of devices were compromised, including Russian diplomats and NATO members
- Attribution remains unclear; Russia blamed the NSA of the United States but provided no evidence
- Apple denied creating iOS backdoors for surveillance
The expensive and sophisticated Operation Triangulation attack likely didn’t target average citizens. But the fact that the attacks were possible has caused some to sound the alarm.
How the attack works
DarkReading, a cybersecurity news site, explained how the Operation Triangulation attack works:
- It starts by sending a malicious iMessage that exploits an iPhone vulnerability (CVE-2023-41990) to gain initial access.
- Attackers use obfuscated JavaScript code to exploit multiple other iOS zero-days (like CVE-2023-32434) to escalate privileges.
- They bypass hardware memory protections by abusing undocumented iPhone chip features that are obscure and hard to detect.
- Additional iOS exploits are chained to gain root access, bypass security layers, and erase traces of the attack.
- Finally, spyware is installed on the compromised device to steal data and monitor activity.
If you want a truly thorough explanation of the technical side of things, check out this hour-long presentation from Kaspersky researchers who discovered and fixed this problem.
Is the threat over?
If this iMessage vulnerability was resolved in the CVE-2023-38606 update, is your iPhone safe? Yes – mostly.
The vulnerability that Operation Triangulation attackers exploited is fixed. So you shouldn’t have to worry about this particular attack, as long as you have updated your phone. However, it is important to maintain vigilance when it comes to your security online, especially when using your iPhone and its iMessage counterparts.
iPhone users are like any other smartphone users – they are on their phones a lot! And they use their phones for a lot of different purposes. People use iMessage to send personal, professional, and even confidential messages all the time. Any attack on your iPhone via iMessage should be concerning!

How to protect your iPhone from malware and attacks
There’s an old myth that Apple devices don’t get viruses and/or aren’t vulnerable to cyberattacks. That’s simply not true. Although Apple has some great security features, any device that accesses the internet is vulnerable to hacking, viruses, cyberattacks, etc.
To protect your iPhone from these threats, we recommend taking some easy steps.
Keep your iPhone up-to-date
Whenever Apple catches a vulnerability and repairs it, the fix becomes a part of the next iOS update. That’s why you need to install iOS updates as soon as they become available. These updates often contain critical security patches that plug vulnerabilities that malware and hackers could exploit.
Be cautious of third-party app stores outside the official Apple App Store
Only download apps from the official App Store. Apple reviews these apps for security issues and does everything within its power to keep unsafe apps off the App Store. Apps from other places could contain malware.
Enable two-factor authentication
Go to your Apple ID account settings and turn on two-factor authentication, one of the best protections that everyday users have against bad actors on the internet. This easy-to-activate feature adds an extra layer of security to your account by requiring both your password and a verification code sent to your phone when you sign in.
Back up your iPhone regularly
Back up to iCloud or iTunes routinely so you can restore your device if infected. Make sure your backups are encrypted for greater security.
Be selective in granting app permissions
Don’t give apps access to information or device features unless they absolutely require it. This limits the data that is compromised if malware infects an app.

Avoid phishing attacks
Phishing attacks are dependent upon tricking people into thinking that they are accessing a legitimate website or giving information to someone they actually know. Unfortunately, because Mac users sometimes think that their devices are immune to hacking and attacks, they don’t bother to learn about how to avoid these kinds of scams.
Delete emails and texts requesting you enter account credentials or other info – don’t click any embedded links. Read more about phishing attacks and how to avoid falling for them in our What Is My IP Address guide to phishing scams!
Use a VPN if on public WiFi
A Virtual Private Network (VPN) encrypts web traffic to prevent anyone from intercepting your sensitive info when connecting from public hotspots.
What to Remember About Operation Triangulation
While the Operation Triangulation campaign targeted iMessage vulnerabilities specific to iOS devices, the sophistication of attacks like these underscores that no platform is immune.
Our mobile devices have increasingly become troves of personal data, which is why users must remain proactive in learning security best practices – from promptly installing updates to resisting phishing lures. Tech firms also play a critical role in identifying threats through security research and rapid disclosure.
With cyber threats growing more advanced by the day, maintaining vigilance is a shared responsibility between vendors and users to lock down devices, stay informed, and protect our data.