Warning Issued For iPhone Users As iMessage 0-Click Attack Revealed


Researchers at the Russian cybersecurity giant Kaspersky have issued a warning about what they say is an ongoing attack campaign exploiting a zero-click, zero-day iMessage vulnerability. This previously unknown vulnerability enables code execution including, the researchers say, “additional exploits for privilege escalation.”

Operation Triangulation Attacks Ongoing

The campaign, which Kaspersky has named Operation Triangulation, requires no user interaction. That puts it among the most critical of attack methodologies. Just the act of sending the malicious iMessage, which includes an attachment containing the exploit, triggers the vulnerability.

Rather disconcertingly, Kaspersky researchers say they have traced the earliest example of the attack back to 2019. As of yesterday, they also confirm that attacks are still ongoing.

Discovery Of The Zero-Click Attack

The security researchers became aware of the suspicious activity while monitoring the corporate network “dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA).” The activity originated from a number of iPhones.

The traces of compromise were confirmed after researchers created offline backups of the iPhones in question and inspected them with a mobile verification toolkit. The inspection found that the final payload was downloaded from a “fully-featured” advanced persistent threat (APT) platform. The precise nature of that payload, however, has yet to be confirmed.

We understand that it runs using root privileges and drops a set of commands that can be used to collect both system and user information. Posting on Twitter, Kaspersky founder Eugene Kaspersky said that the attack “transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation and data about a number of other activities.”

Russia Suggests Attacks Involve iPhone Backdoor For NSA Spies

While there is no firm evidence currently as to who is the target of this campaign, the Russian FSB security service has already claimed that thousands of…
