Many of us saw the invasion of Ukraine as an embargo on the West, and many of us justified it for different reasons. Russia banned government employees from using iPhones on March 20, 2023. On July 17, 2023, the ban was extended to all other Apple products.
But according to newly compiled evidence, the reason may be something many fear: surveillance, espionage and intelligence. The US intelligence services NSA (National Security Agency) and CIA may have eavesdropped on iPhones in Russia. And, according to today’s evidence, since 2019 and only in Russia.
What’s going on? Are Apple and the US jointly listening to Russia?
The theory that the US is listening to Russians through iPhones is not actually a fringe theory. It has been raised many times, and especially after the Russian invasion of Ukraine it was fuelled by the decisions taken against Apple.
In fact, the Russian Federal Security Service made a serious accusation on June 1, 2023. It claimed to have uncovered an American espionage operation involving thousands of iPhones with advanced surveillance software.
Kaspersky Lab, the world’s most famous cybersecurity company, also announced that dozens of Russian employees’ devices had been compromised in the said espionage operation. In any case, Kaspersky was the first to detect the operation.
Let’s look at what Kaspersky, which uncovered the operation, found. Meet “Operation Triangulation”, which has been running since 2019:
Kaspersky researcher Igor Kuznetsov made critical remarks on the subject in a statement to Reuters. He said that Kaspersky observed abnormal traffic on its corporate Wi-Fi network at the beginning of 2023, which prompted an internal investigation.
According to Kuznetsov’s statement, the findings of this investigation were not shared with Russian authorities until June 1. The investigation nevertheless produced significant results: it revealed that this method had been in use as early as 2019 to gain remote access to iPhones.
Ersin Çahmutoğlu raised a striking point about the investigation: why did Kaspersky, which announces every operation at the first moment, wait 6 months to announce an event that would shake the world? According to Çahmutoğlu, Kaspersky first shared this operation with the Russian authorities, although it said otherwise:
What did this software offer?
The software had also not been seen (detected) before, unlike software such as Pegasus, which shook the world and was seen as the “greatest cyber threat”. It sent all the content on the phone to the hackers at regular intervals, and it could self-destruct after a while.
Messages, emails, device information, contacts, photos, videos, the microphones on iPhones… The phone was in the hands of hackers, moment by moment, for 4 years.
How did iPhones get infected?
Surprisingly expertly, using the most advanced form of a primitive method that is still in use today, namely messages:
- The target iOS device receives a message via the iMessage service whose attachment contains software that exploits vulnerabilities.
- Without any user interaction, the message triggers a vulnerability that leads to code execution.
- The code inside the software downloads the next stages from the C&C server, including additional software for privilege escalation.
- After successful exploitation, a final payload is downloaded from the C&C server. This payload is a full-featured APT (advanced persistent threat) platform.
- The initial message and the software in the attachment are deleted.
It was also reported that the most recent iOS version on which the above steps are known to have succeeded is 15.7. However, Kaspersky said that other iOS versions may have been affected, given the complexity of the attack.
Is the USA really to blame?
Kaspersky officials refrained from blaming any party for this attack on the basis of their findings. In fact, speaking to Reuters, Kuznetsov said he could not comment on Moscow’s accusations against America, stating: “It is very difficult to attribute anything to anyone.”
Russia’s accusation goes even further:
Russia’s Federal Security Service directly blamed the US, claiming that not only its own diplomats, but also diplomats from Israel, Syria, China and NATO member states were targeted by American hackers.
Apple cannot be directly blamed for the moment:
Although Russian officials said that Apple devices were being spied on, they did not provide any evidence that Apple was aware of the situation. Apple, for its part, later denied the accusations in a statement and gave a clear answer:
The NSA did not break its silence. As always.
But there are some ‘coincidences’ against Apple:
Apple initially denied the allegations. However, it did not state that there were no security vulnerabilities. What’s more, a few days after the June 1 announcement, Apple closed the vulnerabilities that Kaspersky said the software exploited with an urgent update. You can see this update in the image above. In addition to the kernel, two different vulnerabilities in WebKit were also closed.
What happens now?
Where Russia’s accusations will lead, whether there is an Apple-US partnership, whether the US is listening to others besides Russia, whether Kaspersky is truly independent… The list could go on and on with any question you can think of.
Unfortunately, no one knows the exact answer to these questions at the moment. Presumably, no answers will be made public.