There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

autotldr Bot ,

This is the best summary I could come up with:

Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.

Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of.

“The exploit’s sophistication and the feature’s obscurity suggest the attackers had advanced technical capabilities,” Kaspersky researcher Boris Larin wrote in an email.

“Our analysis hasn’t revealed how they became aware of this feature, but we’re exploring all possibilities, including accidental disclosure in past firmware or source code releases.

A fresh infusion of details disclosed Wednesday said that “Triangulation”—the name Kaspersky gave to both the malware and the campaign that installed it—exploited four critical zero-day vulnerabilities, meaning serious programming flaws that were known to the attackers before they were known to Apple.

The researchers found that several of MMIO addresses the attackers used to bypass the memory protections weren’t identified in any device tree documentation, which acts as a reference for engineers creating hardware or software for iPhones.

The original article contains 653 words, the summary contains 200 words. Saved 69%. I’m a bot and I’m open source!

lemann ,

Wow, this is a very complex exploit, involving bits of iMessage and an undocumented CPU feature that allowed the attacker to evade hardware memory protection. From what I can see, Lockdown mode would have prevented this. The attacker is ridiculously skilled regardless

Exerpts from the article missing from the bot summary:

The mass backdooring campaign, which according to Russian officials also infected the iPhones of thousands of people working inside diplomatic missions and embassies in Russia, according to Russian government officials, came to light in June. Over a span of at least four years, Kaspersky said, the infections were delivered in iMessage texts that installed malware through a complex exploit chain without requiring the receiver to take any action.

With that, the devices were infected with full-featured spyware that, among other things, transmitted microphone recordings, photos, geolocation, and other sensitive data to attacker-controlled servers. Although infections didn’t survive a reboot, the unknown attackers kept their campaign alive simply by sending devices a new malicious iMessage text shortly after devices were restarted.

The most intriguing new detail is the targeting of the […] hardware feature […]. A zero-day in the feature allowed the attackers to bypass advanced hardware-based memory protections designed to safeguard device system integrity even after an attacker gained the ability to tamper with memory of the underlying kernel.

https://cdn.arstechnica.net/wp-content/uploads/2023/12/triangulation-exploit-chain-1280x720.png

AnneBonny ,

someone was made fun of one too many times about having green bubbles in imessage

tsonfeir ,
@tsonfeir@lemm.ee avatar

It’s important to reboot your devices frequently

sirdorius ,

The exploit’s sophistication and the feature’s obscurity suggest the attackers had advanced technical capabilities

exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of.

according to Russian officials also infected the iPhones of thousands of people working inside diplomatic missions and embassies in Russia

the devices were infected with full-featured spyware that, among other things, transmitted microphone recordings, photos, geolocation, and other sensitive data to attacker-controlled servers

Sounds like government espionage

puts tinfoil hat on

LainOfTheWired ,
@LainOfTheWired@lemy.lol avatar

It’s not purely talent that allows them to make this kind of stuff. Otherwise people outside of these agencies would be making this stuff too. It’s also the fact the CIA or any of the others can go to apple for example and get all of the information on how these chips are made and the firmware on them, then put the company under a gag order.

It is silly to assume the governments hackers are any better then a good hacker that doesn’t work for them. And you need to realise that their advantages come from legal power, resources, and lesser regulations on research.

Because a lot of silly conspiracy theories seem to stem from people believing that the government are somehow superior beings, when the only thing that makes them different from anyone else is power.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •