Apple Denies Helping US Government Hack Russian iPhones

Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping the NSA hack iPhones.

Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping US intelligence agencies hack iPhones.

In a statement provided to SecurityWeek, an Apple spokesperson said, “We have never worked with any government to insert a backdoor into any Apple product and never will.”

The statement comes in response to the Russian security service FSB claiming that Apple has assisted US intelligence agencies, specifically the NSA, with a spying campaign targeting thousands of iOS devices belonging to local users and foreign diplomatic missions in NATO countries, China and Israel. 

The accusations are not surprising in the context of the United States’ involvement in the war between Russia and Ukraine. In fact, according to reports, Russian officials were told recently to ditch their iPhones due to data security concerns. 

The FSB’s latest accusations came just as Russian cybersecurity firm Kaspersky revealed that iPhones on its corporate network were targeted recently by an APT actor as part of a campaign it calls Operation Triangulation. 

The company’s investigation is ongoing, but the data analyzed so far shows that the attack starts with an attachment containing an exploit being sent to the targeted user via iMessage. 

The exploit is triggered without any user interaction. Code execution and privilege escalation vulnerabilities are exploited to download a sophisticated piece of malware that runs with root privileges. The malware can collect system and user information and run arbitrary code on the compromised system.

Kaspersky’s CEO, Eugene Kaspersky, revealed in a blog post that several dozen iPhones belonging to senior employees were infected with the spyware, which can collect recordings via the device’s microphone, photos from messaging apps, geolocation, and other data. He noted that the malware prevents devices from receiving iOS updates and they have not found an effective way to remove the threat without losing user data.

It’s unclear if the attack involves the exploitation of zero-day vulnerabilities. Kaspersky has identified attacks dating as far back as 2019 and the newest iOS version confirmed to be targeted is iOS 15.7. 

Apple has highlighted this part of Kaspersky’s report, which suggests that the attacks do not involve the exploitation of zero-day vulnerabilities. iOS 15.7 was released in September 2022, and the latest version of the mobile operating system is 16.5. 

Kaspersky has not attributed the attack to any known or unknown threat group. This, however, would not be the first time the company has described the activities of a hacker group believed to be linked to the United States. 

Kaspersky is also known to publish reports detailing the activities of APTs tied to Russia. It has reportedly also helped the NSA uncover one of its worst-ever security breaches, but on the other hand it has also faced accusations of knowingly or unknowingly helping Russian hackers obtain NSA data.  

Nearly a decade ago, the company was targeted with the advanced Duqu 2.0 malware, which is believed to have been developed by Israeli intelligence.

Apple has shown willingness to work with US authorities on law enforcement matters, but it has taken a hard line when asked to implement encryption backdoors that would make it easier to conduct such investigations.

In fact, the company has been strengthening and expanding encryption. In addition, it has dropped plans to implement features that could be abused for government surveillance. 

*updated to add information from Eugene Kaspersky blog post

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.