Security researchers presenting at CCC break down Triangulation, and it’s full of juicy tidbits: https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Operation Triangulation: The last (hardware) mystery

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

Kaspersky
Operation Triangulation

media.ccc.de
@evacide I'm really looking forward to watching that talk. Kind of pissed I missed it being streamed because I completely blanked that CCC is happening right now.

@evacide Oooh, thanks! Didn't see it on the media recordings.

Guess I should've looked again. Assumed they'd not be up until tomorrow.

@evacide

#SiliconTurtles

The big question is: How did the supply chain attack get started?

Was it in the photolithography specs, or did it happen on the backend at the fab?

@SpaceLifeForm @evacide Why should an adversary bother to do a supply chain attack when every vendor introduces more than enough of these bugs for free?

@kevinriggle @evacide

Persistence. Also, there are no binaries to be reverse engineered over releases to discover non-revealed zero-days.

Is there any reason to believe that this exploit chain is the only one using this hardware mis-feature?

I would not bet on that being the case.

@SpaceLifeForm lolllllllll darling
@SpaceLifeForm it literally doesn’t give them persistence. They have to reinfect after every reboot.

@kevinriggle

Pulls battery.

Oh. Never mind. /s

@SpaceLifeForm you don’t have to, literally just power cycling is enough! Though if you want to that obviously works too
@evacide "nice" to see a font tech exploit as part of the chain: exploiting an undocumented and badly written instruction in TrueType fonts. Something I had suspected was possible for a while. The font stack is full of bloat and bugs.
#TrueType