It's recently been disclosed that thousands of iPhones have been compromised by malware that gives the attacker full remote control over those vulnerable devices, essentially turning the iPhone into the ultimate spy machine: it lets you spy on the victim through their camera, record their phone calls, record them at any time through the microphone, and even know their exact location in real time via GPS. But what's even spookier than gaining root access to what is supposed to be one of the most secure types of smartphones on the planet is the way the attackers were able to gain this access: through an exploit in the iPhone's CPU architecture. Oh yeah, you remember the Spectre and Meltdown vulnerabilities from five-plus years ago at this point? Well, we're doing them again, except this time it's with the ARM CPUs built into iPhones and Apple's system-on-a-chip design.

Now, the vulnerabilities that make this attack possible have been exploited by different agencies for over four years now. The Israeli cyber-intelligence firm NSO Group famously developed and sold spyware called Pegasus to different government agencies throughout the world. But due to the sheer complexity of this exploit, which actually relies on a chain of exploits, it took a long time to get the full picture of how a remote attacker could take full control over an iPhone by simply sending you a text on iMessage. For example, back in 2021, an analysis of an iTunes backup revealed an attachment containing the FORCEDENTRY payload, which exploited a flaw in Apple's image-rendering library that would cause a memory leak when trying to render a malicious PDF file masquerading as a GIF. This memory leak would cause a buffer overflow, ultimately leading to arbitrary code execution. But once you have that code execution, you still have to escape the iMessage sandbox to be able to affect the rest of the system.
Then you have to download the next stages of the malware from the command-and-control server to get root access to the device. And finally, you have to get the remote administration tool onto the device, which only runs in memory and is not persistent. So if you rebooted your iPhone, the malware would be gone and you would have to start all over again, reinfecting the device with that first stage where you infected the user through iMessage, which would get patched again and again.

But because of the locked-down nature of iPhones, getting a full analysis of this exploit chain was very difficult, and it ultimately took four years for security researchers to complete it. At this point the analysis is complete, and the way it was completed is actually kind of interesting, because the hackers behind this malware ended up infecting devices belonging to some senior security researchers working at Kaspersky at the beginning of 2023, which is really ballsy if your goal is to try to prevent people from analyzing your malware. So we now have a name for this infection chain: it's called TriangleDB. Kaspersky actually has a really great blog post detailing every step of the attack chain, so I really recommend you read through that if you're interested in the more technical details of how TriangleDB works.

But at this point, the four zero-day vulnerabilities that made iOS versions as late as 16.2 vulnerable have been patched, at least according to Apple. So it's very important, if you're using an iPhone or any of those Apple devices, that you install those updates, because this attack chain, this malware, requires zero interaction from the user for it to be exploited. It's called a no-click exploit.
But what's even more disturbing is what I mentioned at the start of this video: the exploit chain utilized what many people are calling a back door in Apple's chips that simply lets you bypass the hardware-based memory protections in order to gain access to sensitive regions of kernel memory, which ultimately lets you gain full control over the victim's devices. To put it simply, the hackers were able to do this by writing the data they wanted, the destination address for it, and a hash of the data to unknown registers in Apple's SoC that were completely unused by the firmware, which brings us into tinfoil-hat territory. How in the world could these attackers know what data hashes to write into which registers if there's absolutely no public information on the internet about how to use them? The inclusion of this feature in Apple's SoC in the first place is also pretty fishy, but it could have just been something as simple as Apple engineers using it for debugging during the design process and then accidentally including it in the final product. But still, how could anyone figure out how to use this hidden feature built into the hardware unless they worked for Apple, or helped develop these chips, or work for some other organization that could pressure Apple into cooperating with them, like the US government?

And that's actually the explanation Russia is going with: that the US government did this. The FSB got involved around the same time that Kaspersky was being attacked, because the same malware also infected several other iPhones belonging to people working in Russian embassies and doing other diplomatic work with Russia. Now, I obviously can't say for sure that the NSA worked with Apple to purposefully include hardware back doors in their iPhones and then create the secret code to let whatever hackers they want exploit it, only if they knew the code.
But this is really not something I could put past the alphabet boys, and they're the only ones I can see being able to compel a company like Apple to do such a thing. So either Apple had a major security fail, or they did cooperate with the NSA to spy on the Russian government, Kaspersky and others. But regardless of who is responsible for the TriangleDB malware, I'm just kind of surprised that these Russian officials are using iPhones in the first place. So these people working with Russia are using iPhones. If I were a Russian working for the FSB and I had to design the OPSEC guidelines for people in the Russian government or working with the Russian government, one of my first rules would be to avoid any American technology you can, especially closed-source American technology, like literally everything developed by Apple. "I used to say, Tim, you got to start doing it over here, and you really have. I mean, you've really put a big investment in our country. We appreciate it very much, Tim Apple." And it wouldn't even be that weird to implement such a policy, because America did a similar thing a few years back: they actually banned the use of Kaspersky here, at least for people working inside the government, and Best Buy also stopped selling it.

I was working at Best Buy at the time, in Geek Squad, and this ban really frightened a lot of my boomer clients that I was working with at Geek Squad, because to them Kaspersky was the only thing saving their life and their life savings from being stolen by some Indian guy working in a call center, pretending to be Norton Security or the IRS or whatever. So maybe we will actually see Russia implement some kind of no-US-tech security standard one day. Again, I'm really surprised this isn't a thing already, especially since the US is providing so much aid to Ukraine right now.
Maybe the US just gave Ukrainian hackers access to the back door, which means that the US's response to the FSB claims, saying "hey, it wasn't us, we didn't do it," was somewhat truthful. But this is yet another perfect example of proprietary software controlling the user instead of the user controlling the software.

If you enjoyed this video, please like it and share it to hack the algorithm, and check out my open-source online store, base.win, which doesn't track you, unlike other places like Amazon. Also unlike Amazon, we let you pay with your favorite cryptocurrency, Monero (XMR), and you'll receive an instant 10% discount at checkout for using it. So get yourself a t-shirt right now on base.win, pay with Monero, and have a great day.