AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 12/29/2023

iPhone Triangulation attack abused undocumented hardware feature 

The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. This finding comes from Kaspersky analysts who have been reverse-engineering the complex attack chain over the past year, trying to unearth all details that underpin the campaign they originally discovered in June 2023. The discovery and use of obscure hardware features likely reserved for debugging and factory testing to launch spyware attacks against iPhone users suggest that a sophisticated threat actor conducted the campaign. 


Apple reportedly faces pressure in India after sending out warnings of state-sponsored hacking 

Indian authorities allied with Prime Minister Narendra Modi have questioned Apple on the accuracy of its internal threat algorithms and are now investigating the security of its devices, according to The Washington Post. Officials apparently targeted the company after it warned journalists and opposition politicians that state-sponsored hackers may have infiltrated their devices back in October. While Apple is under scrutiny for its security measures in the eyes of the public, the Post says government officials were more upfront with what they wanted behind closed doors. 


Researchers come up with better idea to prevent AirTag stalking 

Apple’s AirTags are meant to help you effortlessly find your keys or track your luggage. But the same features that make them easy to deploy and inconspicuous in your daily life have also allowed them to be abused as a sinister tracking tool that domestic abusers and criminals can use to stalk their targets. Over the past year, Apple has taken protective steps to notify iPhone and Android users if an AirTag is in their vicinity for a significant amount of time without the presence of its owner’s iPhone, which could indicate that an AirTag has been planted to secretly track their location. Apple hasn’t said exactly how long this time interval is, but to create the much-needed alert system, Apple made some crucial changes to the location privacy design the company originally developed a few years ago for its “Find My” device tracking feature. Researchers from Johns Hopkins University and the University of California, San Diego, say, though, that they’ve developed a cryptographic scheme to bridge the gap—prioritizing detection of potentially malicious AirTags while also preserving maximum privacy for AirTag users. 


With car privacy concerns rising, automakers may be on road to regulation 

Faye Francy decided to buy a used car from a dealer a few hours from her house. After writing a check and signing the paperwork, she synced her phone to the infotainment center so she could get step-by-step directions and find her way back. Francy, who runs the industry-driven vehicle cybersecurity organization Automotive Industry Sharing and Analysis Center, was excited to try out her new car’s navigation feature. She was very surprised by how things turned out. “I hit home and I started following the directions — and it took me to the previous owner’s home,” Francy recalled in an interview discussing the 2017 incident. 


Europe’s Largest Parking App Provider Informs Customers of Data Breach 

EasyPark Group, Europe’s largest parking application operator, has disclosed a data breach impacting customer information. The company determined on December 10 that it was targeted in a cyberattack and an investigation revealed that “non-sensitive customer data” had been compromised. Data stolen by hackers includes name, phone number, physical address, email address and partial IBAN or credit/debit card numbers. 

Related Posts