“The security of iOS, once it’s hacked, makes it really difficult to detect these attacks,” says Wardle, formerly of the NSA. At the same time, he adds, attackers will need to assume that a brazen campaign to target Kaspersky will eventually be detected. And he says, “In my opinion, that would be sloppy for an NSA attack.” “But it does show that the Kaspersky hack was incredibly valuable to an attacker or whoever likely had any more days in iOS as well. If you only had one exploit, you wouldn’t risk the only remote iOS attack to hack Kaspersky.”
The NSA declined WIRED’s request for comment on the FSB announcement or Kaspersky’s findings.
With the release of iOS 16 in September 2022, Apple introduced a special security setting for its mobile operating system known as Lockdown Mode, which intentionally restricts usability and access to potentially exploitable features within services like iMessage and Apple’s WebKit. It is not known whether Lockdown Mode would prevent the attacks described by Kaspersky.
The Russian government’s alleged discovery of Apple’s collusion with US intelligence “attests to the US company Apple’s close cooperation with the national intelligence community, in particular the US National Security Agency, and confirms that the stated policy of ensuring the confidentiality of personal data of Apple device users is incorrect,” according to a statement from the FSB, which added that this cooperation would allow the NSA and “partners in anti-Russian activities” to target “anyone of interest to the White House” as well as US citizens.
The FSB statement was not accompanied by any technical details of the NSA spying campaign described, or any evidence that Apple colluded in it.
Historically, Apple has strongly resisted pressure to provide a “backdoor” or other deliberate vulnerability to US law enforcement or intelligence agencies. That resistance played out publicly in Apple’s high-profile 2016 confrontation with the FBI over the bureau’s demand that Apple help decrypt the iPhone used by San Bernardino mass shooter Syed Rizwan Farook. The standoff ended only when the FBI found its own way into the iPhone’s storage with the help of the Australian cybersecurity firm Azimuth.
Although its announcement came on the same day as the FSB’s allegations, Kaspersky has yet to claim that the Operation Triangulation hackers targeting the company were working on behalf of the NSA. Nor has it attributed the hack to Equation Group, Kaspersky’s name for the state-sponsored hackers it previously linked to highly sophisticated malware including Stuxnet and Duqu, tools widely believed to have been created and deployed by the NSA and US allies.
Kaspersky said in a statement to WIRED that “given the sophistication of the cyberespionage campaign and the complexity of analyzing the iOS platform, further research will certainly reveal more details on this issue.”
US intelligence agencies and US allies will, of course, have plenty of reasons to want to look over Kaspersky’s shoulder. Aside from years of warnings from the US government that Kaspersky has ties to the Russian government, the company’s researchers have long demonstrated a willingness to track and expose hacking campaigns by Western governments that Western cybersecurity firms do not. In 2015, in fact, Kaspersky revealed that its private network had been compromised by hackers who used a variant of the Duqu malware, suggesting a link to the Equation Group – and thus potentially the NSA.
This history, along with the sophistication of the malware targeting Kaspersky, suggests that however wild the FSB’s claims may be, there is good reason to imagine that the hackers who targeted Kaspersky may have ties to a government. But if you hack one of the world’s most prolific hunters of state-sponsored hackers—even with smooth, hard-to-detect iPhone malware—you can expect to be discovered sooner or later.