SolarWinds hackers used iOS zero-day to penetrate iPhones used by government officials

Posted:
in iOS edited July 14
A newly uncovered zero-day exploit impacting older versions of iOS was leveraged by Russia-backed hackers in a campaign that targeted officials of Western European governments.

iOS 14


Outlined by Google's Threat Analysis team in a report on Wednesday, the attack involved messages sent to government officials over LinkedIn.

Victims who visited a provided link on their iOS device would be redirected to a domain that served up an initial malicious payload that subsequently examined device authenticity. After multiple validation checks were satisfied, a final payload containing the CVE-2021-1879 exploit was downloaded and used to bypass certain security protections.

According to Google, the zero-day turned off Same-Origin-Policy safeguards, or protections that prevent malicious scripts from collecting data on the web. By disabling the defense, hackers were able to gather website authentication information from Google, Microsoft, LinkedIn, Facebook, Yahoo and others before sending it on to an attacker-controlled IP, the report said.

"The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated. There was no sandbox escape or implant delivered via this exploit," writes Maddie Stone and Clement Lecigne. "The exploit targeted iOS versions 12.4 through 13.7."

Browsers that support Site Isolation features, like Chrome or Firefox, are not impacted by Same-Origin-Policy attacks.

While Google fails to name the hacking group that conducted the attack, it does say that the operation coincided with a campaign from the same bad actor targeting Windows computers. ArsTechnica, which reported on Google's findings today, identifies the actors as Nobelium, the same team behind 2019's SolarWinds hack. Nobelium also used an attack vector involving CVE-2021-1879 in a hack related to the United States Agency for International Development.

Apple patched the flaw in March.

Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.

Read on AppleInsider

Comments

  • Reply 1 of 14
    hexclockhexclock Posts: 946member
    Kill them all. 
    watto_cobra
  • Reply 2 of 14
    GeorgeBMacGeorgeBMac Posts: 10,264member
    hexclock said:
    Kill them all. 
    These are likely Russian hackers operating under the support & protection of Russian security forces.

    It needs to be stopped -- but by something short of nuclear war.

    killroy
  • Reply 3 of 14
    lkrupplkrupp Posts: 9,455member
    So, are Russian cyber warriors better than the U.S. Cyber Command? Or are we doing the same thing to our enemies? Of course if we were we’d never heard about it I guess. The alleged joint effort by the U.S. and Israel created Stuxnet that caused Iranian nuclear centrifuges to self-destruct. We did hear about that.

    In either event the western democracies seem helpless in the face of these attacks.

    And enough of the bullshit of refusing to update your devices because of fear, some goofball app not working, general hesitancy to update. You know, like getting vaccinated.
    edited July 15 killroy
  • Reply 4 of 14
    avon b7avon b7 Posts: 5,901member
    lkrupp said:
    So, are Russian cyber warriors better than the U.S. Cyber Command? Or are we doing the same thing to our enemies? Of course if we were we’d never heard about it I guess. The alleged joint effort by the U.S. and Israel created Stuxnet that caused Iranian nuclear centrifuges to self-destruct. We did hear about that.

    In either event the western democracies seem helpless in the face of these attacks.

    And enough of the bullshit of refusing to update your devices because of fear, some goofball app not working, general hesitancy to update. You know, like getting vaccinated.
    A security patch to fix something in an earlier system version (especially a zero-day bug) should not require an entire iOS upgrade.

    Not sure if that was the case here, though even if it reads as if it were. 
  • Reply 5 of 14
    GeorgeBMacGeorgeBMac Posts: 10,264member
    lkrupp said:
    So, are Russian cyber warriors better than the U.S. Cyber Command? ....
    Was that a question?

    Do we even have a U.S. Cyber (defense)?

    I think we spent all our money on F35's & Russia just slipped in through the cracks (or was it the barn door?)

    edited July 15 watto_cobra
  • Reply 6 of 14
    killroykillroy Posts: 160member
    lkrupp said:
    So, are Russian cyber warriors better than the U.S. Cyber Command? Or are we doing the same thing to our enemies? Of course if we were we’d never heard about it I guess. The alleged joint effort by the U.S. and Israel created Stuxnet that caused Iranian nuclear centrifuges to self-destruct. We did hear about that.

    In either event the western democracies seem helpless in the face of these attacks.

    And enough of the bullshit of refusing to update your devices because of fear, some goofball app not working, general hesitancy to update. You know, like getting vaccinated.

    As for Stuxnet, never trust a second party with your code.
    GeorgeBMac
  • Reply 7 of 14
    GeorgeBMacGeorgeBMac Posts: 10,264member
    killroy said:
    lkrupp said:
    So, are Russian cyber warriors better than the U.S. Cyber Command? Or are we doing the same thing to our enemies? Of course if we were we’d never heard about it I guess. The alleged joint effort by the U.S. and Israel created Stuxnet that caused Iranian nuclear centrifuges to self-destruct. We did hear about that.

    In either event the western democracies seem helpless in the face of these attacks.

    And enough of the bullshit of refusing to update your devices because of fear, some goofball app not working, general hesitancy to update. You know, like getting vaccinated.

    As for Stuxnet, never trust a second party with your code.

    True!   There's a lot of competition out there:
    "July 15 (Reuters) - An Israeli group sold a tool to hack into Microsoft Windows, Microsoft and technology human rights group Citizen Lab said on Thursday, shedding light on the growing business of finding and selling tools to hack widely used software.

    The hacking tool vendor, named Candiru, created and sold a software exploit that can penetrate Windows, one of many intelligence products sold by a secretive industry that finds flaws in common software platforms for their clients, said a report by Citizen Lab.

    Technical analysis by security researchers details how Candiru's hacking tool spread around the globe to numerous unnamed customers, where it was then used to target various civil society organizations, including a Saudi dissident group and a left-leaning Indonesian news outlet, the reports by Citizen Lab and Microsoft show."


    I wonder what we're doing about it to defend ourselves and our companies?   Anything?   Anything at all?


    killroy
  • Reply 8 of 14
    lkrupp said:
    So, are Russian cyber warriors better than the U.S. Cyber Command? ....
    Was that a question?

    Do we even have a U.S. Cyber (defense)?

    I think we spent all our money on F35's & Russia just slipped in through the cracks (or was it the barn door?)

    Yes, our attention was diverted to focus on China because of those China haters. Remember that? They are the real traitors!!
    GeorgeBMac
  • Reply 9 of 14
    Google says? Well it must be true. 

    One truth is patches often get released to fill in vulnerabilities. Keep your os, apps, extensions up to date. 
    watto_cobra
  • Reply 10 of 14
    IreneWIreneW Posts: 240member
    Google says? Well it must be true. 
    True, it would have been much much better if the exploit was found and report released by Apple. But it wasn't.
    edited July 15
  • Reply 11 of 14
    GeorgeBMacGeorgeBMac Posts: 10,264member
    lkrupp said:
    So, are Russian cyber warriors better than the U.S. Cyber Command? ....
    Was that a question?

    Do we even have a U.S. Cyber (defense)?

    I think we spent all our money on F35's & Russia just slipped in through the cracks (or was it the barn door?)

    Yes, our attention was diverted to focus on China because of those China haters. Remember that? They are the real traitors!!
    That was obviously done intentionally by the chief "China Hater" -- aka  "The Russian Asset".
    "Look over there!"
    ... So, of course, they did!

  • Reply 12 of 14
    welshdogwelshdog Posts: 1,765member
    hexclock said:
    Kill them all. 

    Sure fine, but how about companies producing devices and software make security their first and top priority? This along with the disincentive of life imprisonment for hacking might be the way forward. Also, prison time for not adequately securing customer data would be helpful - for executives, not the lower level workers.
  • Reply 13 of 14
    larryjwlarryjw Posts: 832member
    Remember: The "good guys" want back doors into everything. The "good guys" are funding and using these hacks, so why shouldn't others. 

    So, why should others place nice when we don't. Biden just today told Putin to reign in these supposed "Russian hackers". Then, Biden noted, we have the capability to do the same to them. Then, Biden continued with his Cold War rhetoric. 

    Too much bumper sticker level thinking. 
    GeorgeBMacwatto_cobra
  • Reply 14 of 14
    GeorgeBMacGeorgeBMac Posts: 10,264member
    welshdog said:
    hexclock said:
    Kill them all. 

    Sure fine, but how about companies producing devices and software make security their first and top priority? This along with the disincentive of life imprisonment for hacking might be the way forward. Also, prison time for not adequately securing customer data would be helpful - for executives, not the lower level workers.

    Like the banksters of the 2008 collapse, the CEO's and their corporations are rewarded for making money, rather than protecting the data of their clients.  When that is stolen or destroyed they, and their corporations face little or no punishment.   In the case of the hacking of consumer facing systems, they typically offer a come-on of "12 months of free ID protection" -- which is simply a lead in to hooking them on month to month contacts after the 12 months.
    watto_cobra
Sign In or Register to comment.