US cyber-attacks on iPhones began as early as 2013, says report from Chinese cybersecurity company
Published: Jun 09, 2023 10:55 PM
hacker Photo: VCG

Photo: VCG

The US has been hacking iPhones since at least 2013, and this can be carried out either directly through Apple's mobile information receiving service or through the deployment of the "Quantum" system during the web browsing process on Apple's mobile browser, according to a new report by Chinese cybersecurity company Antiy Labs.

In early June, Kaspersky Lab, a world-renowned cybersecurity company, released an analysis report suggesting that the Equation Group, which is affiliated with the US National Security Agency (NSA), had hacked some key Russian phones, including those of Kaspersky's internal staff, through Apple's iMessage service.

The report suggested that there were thousands of victims worldwide, including Chinese users. The Russian Federal Security Service stated that thousands of iPhones in the country, including those of foreign diplomats, had been attacked by hackers. The accusations directly target the US and Apple Inc. However, they did not provide direct sample evidence.

Li Baisong, deputy chief engineer of Antiy Labs, told the Global Times that Apple's security mechanism design has long been praised. Its security system and closed application ecosystem have reduced the likelihood and security risks of the system and devices being hacked. However, in the event exposed by Kaspersky, it seems that the iPhone has become a "black box" that is difficult to effectively analyze and obtain evidence from.

Antiy Labs has also been following up and researching the use of advanced malicious software on iOS devices. The report is based on sample analysis research of the Equation Group.

Due to the extreme difficulty in extracting and capturing samples, no manufacturer has previously published a sample analysis of the NSA's activity on the iOS platform. The Equation Group is considered a top-tier cyber-attack organization globally, and it is generally believed to be affiliated with the NSA.

The report indicates that the general perception is that the iOS platform has better security than the Android platform. However, the iOS platform itself still has many potential entry points.

Historical cyber-attacks on the iOS platform include software in the App Store, and vulnerability attacks based on iMessage and FaceTime.

"But even closing services such as iMessage and Facetime cannot effectively counter the attacks from the Equation Group," said Li. "The US has multiple attack channels. Even when services like iMessage are shut down, they can still attack the mobile application's network access process using the 'Quantum' attack system, achieving implantation into the phone."

The Quantum attack system was first exposed by Edward Snowden in 2013. It is developed and used by the NSA's Tailored Access Operations (TAO) division, an advanced network traffic hijacking attack platform specifically designed for global internet infrastructure.

It relies on the invasion and hijacking of network devices from various national carriers to insert attack traffic during the target person's online process, exploiting browser vulnerabilities to run malicious code on online devices.

The report shows that, based on the analysis of the Quantum system's attackable scenarios, the system can fully cover all major PC terminals, smartphone terminal devices, and browsers globally.

"We can further speculate that A2PT ('Advanced' Persistent Threat) attack organizations such as the Equation Group have conducted comprehensive vulnerability exploration research on China's basic information products and mobile environment, completed the accumulation of reserves, and have already launched targeted operations," said Li.

He also emphasized that in actual operations, A2PT organizations like the Quantum system target a very small number of high-value targets for precise attacks, and for defenders to find the victims is like finding a needle in a haystack, putting them in an extremely difficult situation.

In recent years, smartphones and other intelligent terminal devices have provided people with the convenience of information, but many domestic government and enterprise institutions and industrial departments have introduced mobile offices to take advantage as well.

Once the mobile device is compromised, the attackers can not only collect higher value data assets related to the target person, but also use it as a breakthrough point and springboard to invade the internal network of governments and companies.

Li suggested that for mobile terminals with high security needs, it is necessary to focus on mature commercial products, make specific security investments, and build a security system to achieve stronger security defense capabilities.