“The security of iOS, once breached, makes detecting these attacks very difficult,” says Wardle, who was formerly a staffer at the NSA. At the same time, he adds that attackers should assume that any brazen campaign to target Kaspersky would eventually be discovered. “In my opinion, that would be sloppy for an NSA attack,” he says. “But it shows that either the Kaspersky hack was incredibly valuable to the attacker, or whoever did it probably has other iOS zero days as well. Don’t go risking your only iOS remote attack to hack Kaspersky.”
The NSA declined WIRED’s request for comment on the FSB announcement or Kaspersky’s findings.
With the release of iOS 16 in September 2022, Apple introduced a special security setting for the mobile operating system known as Lockdown Mode, which intentionally restricts usability and access to features that may be porous in services like iMessage and Apple’s WebKit. It is unclear whether Lockdown Mode would have prevented the attacks observed by Kaspersky.
The alleged discovery by the Russian government of Apple’s collusion with US intelligence “demonstrates the close cooperation of the US company Apple with the national intelligence community, in particular the US NSA, and confirms that the stated policy to ensure the confidentiality of the personal data of users of Apple devices is not true,” says a statement from the FSB, which adds that this would allow the NSA and “partners in anti-Russian activities” to target “anyone of interest to the White House”, as well as US citizens.
The FSB statement was not accompanied by any technical details about the espionage campaign described by the NSA, nor by any proof that Apple was complicit in it.
Apple has always resisted pressure to provide a “back door” or other vulnerability to US law enforcement or intelligence agencies. This stance was demonstrated most publicly during Apple’s high-profile 2016 showdown with the FBI over the bureau’s request that Apple help decrypt an iPhone used by San Bernardino mass shooter Syed Rizwan Farook. The standoff only ended when the FBI found its own method of accessing iPhone storage with the help of the Australian cybersecurity company Azimuth.
Although its announcement came on the same day as the FSB claims, Kaspersky has so far made no claims that the Operation Triangulation hackers who targeted the company were working on behalf of the NSA. The cybersecurity firm also did not attribute the hack to the Equation Group, Kaspersky’s name for state-sponsored hackers it has previously linked to highly sophisticated malware, including Stuxnet and Duqu, tools widely believed to have been created and deployed by the NSA and its American allies.
Kaspersky said in a statement to WIRED that “Given the sophistication of the cyber espionage campaign and the complexity of analyzing the iOS platform, additional research will surely reveal more details about it.”
American intelligence agencies and their allies would, of course, have many reasons to want to look over Kaspersky’s shoulder. Apart from years of US government warnings that Kaspersky has ties to the Russian government, the company’s researchers have long demonstrated a willingness to track and expose hacking campaigns by Western governments, something Western cybersecurity companies don’t do. Indeed, in 2015 Kaspersky revealed that its own network had been breached by hackers using a variant of the Duqu malware, suggesting a link to the Equation Group – and therefore potentially the NSA.
This history, combined with the sophistication of the malware that targeted Kaspersky, suggests that, as wild as the FSB’s claims may be, there is good reason to imagine that the Kaspersky intruders might have government ties. But if you hack one of the world’s most prolific hacker trackers, even with stealthy, hard-to-detect iPhone malware, you can expect, sooner or later, to get caught.