Russia Says Restrictions Needed to Defend Against US Spying With iMessage Zero-Day
Russia is mulling a ban on iPhone use by government employees after a suspected American intelligence campaign exploited vulnerabilities in the device to spy on Russian staff. The ban is the latest in a slew of similar measures taken by Moscow against Western tech devices.
The ban, set to go into effect Monday, will initially restrict all employees at the Ministry of Industry and Trade from using Apple smartphones in official activities, Russian media outlet RBC reported earlier this month.
Other government departments will also be subject to similar bans in the coming months, RBC said.
The recent development comes just months after the Russian Federal Security Service said it had uncovered several thousand iPhones infected with the spyware and accused Apple of collaborating with the U.S. National Security Agency (see: Kaspersky Discloses Apple Zero-Click Malware).
Moscow-based cybersecurity firm Kaspersky, whose employees were also targeted, attributed the attacks to an out-of-bounds vulnerability tracked as CVE-2022-46690, which was patched in iMessage in December. The campaign, dubbed Operation Triangulation by Kaspersky, began with hackers exploiting the flaw by sending zero-click malware as an iMessage attachment that automatically triggers code execution.
The malware exfiltrated data including microphone recordings, photos from instant messaging apps, and geolocation and other sensitive data. The Russian National Coordination Center for Computer Incidents said it has identified 15 malware command-and-control domains tied to the campaign and described it as a “reconnaissance operation by American intelligence agencies.”
The development is the latest in a string of measures undertaken by the Russian government to isolate itself from the global internet as it continues to reel under stringent economic sanctions imposed by Western governments since its invasion of Ukraine last year.
Earlier this month, the Russian federal communication office Roskomnadzor tested RutNet, its domestic internet, by turning off the “international internet,” RBC reported, quoting officers familiar with the development. Russia intends to run this test annually, which will require all internet service providers in the country to install specific software on their networks that will enable Roskomnadzor to control traffic routing, RBC reported.
The development is “extremely alarming,” digital rights group Access Now’s Natalia Krapiva said, noting the measure is a last-ditch attempt by Moscow to block YouTube, Telegram and other “last-remaining sources of accurate information in Russia.”
Although Roskomnadzor claimed the test had been successful, service outages were reported across Russia. “Roskomnadzor’s claim that the Sovereign Internet testing was ‘successful’ as the internet outages were scattered and not wide scale,” Krapiva tweeted. “Sounds like Putin won’t be able to isolate Russian people any time soon, but he’ll keep trying.”
In March, the government ordered Russian banks and other financial organizations to stop using Telegram, WhatsApp and seven other popular instant messaging apps to make financial transactions or send the personal information of Russian nationals.
Such measures should be seen as the Russian government’s admission of fears that foreign states could access personal data, chatlogs, and geolocation and other sensitive data belonging to Russian nationals – which could pose a threat to national security, said Stefan Soesanto, a senior researcher at ETH Zurich.
“In the short term, the restriction might be best viewed as purely pre-emptive and defensive,” Soesanto said. “In the long run, this move might work in favor of the Russian government as more and more Russian-made apps will enter the domestic market – and likely gain popularity.”
He added that chances for a complete ban on foreign messenger apps and technology in Russia are slim. “No authoritarian or democratic government has been able to pull that stunt off.”