New iMessage Vulnerability: How to Protect Your iPhone

Have you heard about the Operation Triangulation attacks that targeted iPhones from 2019-2023? According to Kaspersky, a somewhat controversial Russian cybersecurity software company, Operation Triangulation is a previously known hardware vulnerability in iPhones that was exploited through iMessage by sophisticated cybercriminals. Kaspersky itself was attacked through this incredibly sophisticated attack. Their researchers conducted extensive analysis to understand and report the attack to Apple. The threat has been eliminated thanks to a recent iOS update. But there are lessons to be learned from this complex and initially successful cyberattack. After detecting an attack on their own devices, Kaspersky’s researchers discovered the vulnerability in the Apple System-on-a-Chip (SoC). It allowed hackers to bypass hardware-based memory protections on iOS versions up to 16.6. If this attack had been widespread, it would have had the potential to affect millions of phones worldwide. The iMessage vulnerability may have been originally intended for testing and debugging. But cybercriminals could take advantage of it to gain full control over any iPhone they target. Some key details: Kaspersky was the first identified target of Operation Triangulation, but they don’t believe they were the only ones. Vulnera, an American cybersecurity firm that focuses on identifying and dismantling software and hardware vulnerabilities, wrote in their report on Operation Triangulation that: The expensive and sophisticated Operation Triangulation attack likely didn’t target average citizens. But the fact that the attacks were possible has caused some to sound the alarm. DarkReading, a cybersecurity news site, explained how the Operation Triangulation attack works : If you want a truly thorough explanation of the technical side of things, check out this hour-long presentation from Kaspersky researchers who discovered and fixed this problem. If this iMessage vulnerability was resolved in the CVE-2023-38606 update, is your iPhone safe? Yes – mostly. The vulnerability that Operation Triangulation attackers exploited is fixed. So you shouldn’t have to worry about this particular attack, as long as you have updated your phone. However, it is important to maintain vigilance when it comes to your security online, especially when using your iPhone and its iMessage counterparts. iPhone users are like any other smartphone users – they are on their phones a lot! And they use their phones for a lot of different purposes. People use iMessage to send personal, professional, and even confidential messages all the time. Any attack on your iPhone via iMessage should be concerning! There’s an old myth that Apple devices don’t get viruses and/or aren’t vulnerable to cyberattacks. That’s simply not true. Although Apple has some great security features, any device that accesses the internet is vulnerable to hacking, viruses, cyberattacks, etc. To protect your iPhone from these threats, we recommend taking some easy steps. Whenever Apple catches a vulnerability and repairs it, the fix becomes a part of the next iOS update. That’s why you need to install iOS updates as soon as they become available. These updates often contain critical security patches that plug vulnerabilities that malware and hackers could exploit. Only download apps from the official App Store. Apple reviews these apps for security issues and does everything within its power to keep unsafe apps off the App Store. Apps from other places could contain malware. Go to your Apple ID account settings and turn on two-factor authentication –one of the best protections that everyday users have against bad actors on the internet. This easy-to-activate feature adds an extra layer of security to your account by requiring both your password and a verification code sent to your phone when you sign in. Back up to iCloud or iTunes routinely so you can restore your device if infected. Make sure your backups are encrypted for greater security. Don’t give apps access to information or device features unless they absolutely require it. This limits data compromised if malware infects an app. Phishing attacks are dependent upon tricking people into thinking that they are accessing a legitimate website or giving information to someone they actually know. Unfortunately, because Mac users sometimes think that their devices are immune to hacking and attacks, they don’t bother to learn about how to avoid these kinds of scams. Delete emails and texts requesting you enter account credentials or other info – don’t click any embedded links. Read more about phishing attacks and how to avoid falling for them in our What Is My IP Address guide to phishing scams ! A Virtual Private Network (VPN) encrypts web traffic to anyone from intercepting your sensitive info when connecting from public hotspots. Here are the best VPNs for iPhone . While the Operation Triangulation campaign targeted weaknesses specific to iMessage vulnerabilities in iOS devices, the sophistication of attacks like these underscore that there are no immune platforms. Our mobile devices have increasingly become troves of personal data, which is why users must remain proactive in learning security best practices – from promptly installing updates to resisting phishing lures. Tech firms also play a critical role in identifying threats through security research and rapid disclosure. With cyber threats growing more advanced by the day, maintaining vigilance is a shared responsibility between vendors and users to lock down devices, stay informed, and protect our data.