Skip to content

Apple’s proprietary hardware exploited for spying

  • by
  • 4 min read

Researchers unveiled intricate details about a four-year-long sophisticated campaign primarily targeting iPhones, including those of Kaspersky employees that exploited targeting Apple’s proprietary hardware vulnerability to implant spyware.

Cybersecurity researchers from Kaspersky — Boris Larin, Leonid Bezvershenko, and Georgy Kucherin — presented the iOS exploit at an event in Congress Center, Hamburg.

As per the researchers, the attackers “are able to write data to a certain physical address while bypassing the hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware.”

The attack, termed Operation Triangulation, focuses on utilising a 0-click iMessage attack — a technique that allows attackers to infiltrate iOS devices without any interaction from the user. This approach is notoriously difficult to defend against as the malicious payload is delivered seamlessly through the iMessage application, leaving users unaware of the compromise.

Researchers revealed that the attack chain exploited four zero-day vulnerabilities:

  • CVE-2023-41990: A remote code execution vulnerability.
  • CVE-2023-32434: An integer overflow vulnerability.
  • CVE-2023-38606: Exploiting this vulnerability, the app can modify the kernel state.
  • CVE-2023-32435: A memory corruption vulnerability.

The initial compromise involved a remote code execution vulnerability in the ADJUST TrueType font instruction — an obscure and Apple-exclusive component. This detail alone highlighted the depth of research and reconnaissance carried out by the attackers as they resurrected a long-dormant vulnerability that had existed since the early nineties.

The attack chain explained. | Source: Kaspersky

However, the complexities did not stop there. The attackers seamlessly navigated the iOS environment, deploying return/jump-oriented programming and incorporating multiple stages written in the NSExpression/NSPredicate query language. The sophistication culminated in executing a privilege escalation exploit written in JavaScript, boasting around 11,000 lines of code dedicated to JavaScriptcore and kernel memory parsing and manipulation.

Operation Triangulation’s prowess shone through in its support for old and new iPhones, including a Pointer Authentication Code (PAC) bypass for exploiting recent models. The attack further exploited an integer overflow vulnerability in XNU’s memory mapping syscalls, providing the attackers with read/write access to the entire physical memory of the device at the user level. This, in turn, enabled them to bypass the Page Protection Layer (PPL) through hardware memory-mapped I/O (MMIO) registers — an element later mitigated as CVE-2023-38606.

It was discovered that the attackers could write data to a specific physical address, bypassing hardware-based memory protection. The researchers speculated that this hardware feature, seemingly unknown even to Apple, could have been intended for debugging or testing purposes or included mistakenly.

0x206040000 register usage peudo code. | Source: Kaspersky

The exploit targeted Apple A12-A16 Bionic SoCs, honing in on an unknown MMIO block of registers at addresses 0x206040000, 0x206140000, and 0x206150000. These registers, seemingly unassociated with any MMIO ranges defined in the device tree, raised immediate red flags.

These mysterious MMIO addresses did not belong to any known device tree files, public source code, kernel images, or firmware releases. The researchers resorted to a meticulous process of trial and error, mapping out correlations between the exploited MMIO addresses and known regions.

The researchers also uncovered proprietary Apple features conspicuously absent from public sources. This raised concerns about the attackers’ knowledge of these undocumented features and how they harnessed them to bypass security measures. A crucial aspect of the exploit involved writing to an unknown MMIO register, 0x206040000, during initialisation. This register was identified as the CoreSight MMIO debug register for the GPU coprocessor. Its primary role was to enable/disable the hardware feature used by the exploit or controlling interrupts.

“Hardware security very often relies on “security through obscurity”, and it is much more difficult to reverse-engineer than software, but this is a flawed approach because sooner or later, all secrets are revealed. Systems that rely on “security through obscurity” can never be truly secure,” said researchers.

In the News: Amazon Prime Video will show ‘limited’ ads from January 2024

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>
Exit mobile version