For a long time after the birth of the smartphone, Apple's iPhone has been the benchmark for the industry: exquisite design, a smooth operating system, and unmatched security built on a closed ecosystem. That "security" in particular has long been the biggest barrier keeping many Apple fans from switching to Android. Let's be honest, the equation "iPhone equals security" is the first thing that comes to mind for many people when they think about iPhones.
(Image Source: Apple Official Website)
But here comes Xiao Lei with another "but". The once unshakable myth of the iPhone's "absolute security" has been challenged more than once in recent years. The reason? "Zero-day vulnerabilities", which hackers and other malicious actors have exploited to mount attacks.
iOS may be extremely secure, but the team that develops it is made up of humans, and some details will inevitably be overlooked. That is where the problems start.
Recently, Xiao Lei discovered that there are companies willing to pay millions of dollars to acquire iOS zero-day vulnerabilities! Around "zero-day vulnerabilities", a whole grey industry chain has grown up, and today Xiao Lei will dig into the topic for everyone.

Zero-day vulnerabilities, "zero-days" for short, may sound like something out of science fiction, but understanding them is not rocket science.
In simple terms, a zero-day vulnerability, also known as a zero-hour flaw, is a security vulnerability for which no patch is yet available.
The "zero-day" refers to the number of days that have passed since the vulnerability was publicly disclosed without a patch becoming available, because it is hard to patch a vulnerability immediately after it is disclosed.
Following the same logic, if N days have passed since disclosure and there is still no patch, the vulnerability can be called an "N-day" vulnerability. Attacks that exploit zero-day vulnerabilities are called "zero-day attacks" or "zero-hour attacks". Hackers are particularly drawn to zero-day vulnerabilities and often boast about the technical prowess it takes to discover them.

From the discovery of a zero-day vulnerability to the execution of an attack, the process typically involves five steps, which Xiao Lei outlines briefly here. First comes the hunt for zero-day vulnerabilities, in which a suspected vulnerability has to be confirmed. Next, attack code is written for the zero-day vulnerability, and the network defenses set up by administrators are circumvented. Finally, the attack code is deployed and the zero-day attack is carried out by implanting malicious software.
(Source: Huawei)
In most cases zero-day vulnerabilities pose a serious risk and often cause widespread damage. Take, for example, the recent "Operation Triangulation", which exploited zero-day vulnerabilities to attack iPhones.
(Image Source: Internet)
Incidentally, the name was coined by the Kaspersky team, because the compromised iPhone belonged to a member of their own team...
Hackers who provoke at this level naturally come fully prepared: this time they used not one but four zero-day vulnerabilities!
These four zero-day vulnerabilities are CVE-2023-41990, CVE-2023-32434, CVE-2023-32435, and CVE-2023-38606.
Explaining how the attack works would be too complex, but just remember, folks, that this lineup can fairly be called "luxurious".
(Operation Triangulation attack diagram. Source: Kaspersky)
With these four zero-day vulnerabilities, the hackers gain godlike privileges on the device, and remote code execution becomes a piece of cake. According to Kaspersky, for at least four years the hackers could plant spyware directly through iMessage texts. What is outrageous is that victims were infected without taking any action at all, after which their phones were monitored by the hackers in the background. Based on this group of zero-day vulnerabilities, Operation Triangulation can attack every iOS version before 16.2. Besides iPhones, even iPads, Macs, iPods, Apple TVs, and Apple Watches are affected. That is why "Operation Triangulation" is also known as the most sophisticated spyware attack in iPhone history.
(Image Source: Apple Official Website)
Fortunately, Apple has gradually patched the Triangulation vulnerabilities present across its platforms through subsequent system updates.

Unveiling the Shadowy World of Zero-Day Exploits
Looked at from both sides, the existence of zero-day vulnerabilities is not entirely a bad thing; there are typically two distinct markets for them.
In the white market, companies and vendors usually run bug bounty programs to solicit reports of zero-day vulnerabilities, so that they can roll out the corresponding patches promptly.
In the grey market, by contrast, buyers exploit zero-day vulnerabilities for illicit ends such as financial gain, stealing sensitive information, and other criminal activity.
(Image Source: pulsestacks)
So zero-day vulnerabilities are no longer just technical bugs; they have spawned an entire industry chain.
Take Crowdfense, for example. Back in 2019 it put up $10 million to launch its vulnerability purchase program. One might have thought that bid was high enough, but recently Crowdfense upped the ante with the launch of its Exploit Acquisition Program.
This program comes with a price tag of $30 million, earmarked for acquiring zero-day vulnerabilities in popular mainstream products such as smartphones and apps.
(Image Source: Crowdfense)
A glance at the price list shows that zero-click full-chain vulnerabilities for iOS go for $5 to $7 million, while the Android equivalent fetches $5 million. As for the rest of the prices, folks can check the image below; I won't list them one by one here. Crowdfense says its purchase prices are so high because it is a cybersecurity company specializing in this field, and the acquired zero-day vulnerabilities are mainly used for intelligence gathering, security, and maintenance work for government entities.
(Source: Crowdfense)
But here comes Xiao Lei with his "but" again: Crowdfense's prices are not even the peak. In some grey markets, zero-day vulnerabilities fetch even higher prices. The reason is simple: profit. Some particularly potent zero-days can be leveraged for even greater gains. Once you follow this chain of interests, it is easy to understand why hackers hunt for zero-day vulnerabilities so tirelessly.

Finally

Looking to deal with zero-day vulnerabilities yourself? Little tricks won't cut it this time; this is clearly beyond the reach of us ordinary folks. Defending against zero-day vulnerabilities in practice relies mainly on the response from enterprises and the relevant authorities. Fortunately, most zero-day vulnerabilities that surface quickly receive official patches, which keeps things secure. The spyware surveillance vulnerability used in the infamous "Pegasus Project" is one example; it was ultimately resolved once Apple updated its system. So, iPhone users out there, no need to fret too much: just keep using your phone as usual.
(Cover image source: Apple)