Russian security firm Kaspersky discovers serious iPhone risks, but Apple refuses to pay



In 2023, the Russia-based security company Kaspersky discovered an iPhone vulnerability it called 'Operation Triangulation.' Apple fixed the vulnerability after receiving Kaspersky's report, but it has since become clear that, at the time of writing, no bounty has been paid for the discovery.

Apple refused to pay Kaspersky Lab $1 million for a hole found in the iPhone - RTVI
https://rtvi.com/stories/apple-otkazalas-vyplatit-laboratorii-kasperskogo-1-mln-za-najdennuyu-dyru-v-iphone/

Apple refused to pay bounty to Kaspersky for uncovering vulnerability in 'Operation Triangulation' - 9to5Mac
https://9to5mac.com/2024/06/09/security-bite-apple-refused-to-pay-bounty-to-kaspersky-for-uncovering-vulnerability-part-of-operation-triangulation/

Kaspersky announced in June 2023 that it had discovered a vulnerability in iOS it called 'Operation Triangulation.' Operation Triangulation allowed an attacker to access confidential data captured by the iPhone's microphone and camera simply by sending an iMessage to the target, with no interaction from the victim. Kaspersky published follow-up reports in November 2023 and January 2024 to raise awareness of the risk. Operation Triangulation is summarized in the following article.

Details of the zero-day vulnerability 'Triangulation' that allows access to sensitive iPhone data simply by sending an iMessage have been released, revealing that a secret hardware feature was exploited - GIGAZINE



Apple released an update fixing the Operation Triangulation vulnerabilities in June 2023. The update's release notes credit the Kaspersky researchers by name, so Apple has acknowledged Kaspersky's contribution.



Apple runs a bounty program that pays rewards to those who report vulnerabilities, scaled to the level of risk. According to the bounty page, rewards of up to $1 million (approximately 157 million yen) can be paid for vulnerabilities like Operation Triangulation that allow an attack to be carried out without any user interaction. However, Apple is refusing to pay Kaspersky, citing internal policies.



Apple has not given a specific reason for refusing to pay Kaspersky. Separately, in March 2022, shortly after Russia began its invasion of Ukraine, the Federal Communications Commission (FCC) added Kaspersky to its list of 'covered' devices and services that could pose an unacceptable threat to national security and the safety of Americans. Kaspersky issued a statement condemning the FCC's decision, saying, 'We are a private company and have no ties to any government, including Russia.'

Kaspersky Lab Statement on FCC Notice | Kaspersky Lab
https://www.kaspersky.co.jp/about/press-releases/2022_bus28032022



According to Dmitry Galov, head of Kaspersky's Russia and CIS unit, Kaspersky will deploy Android smartphones instead of iPhones as company devices from 2023. Galov explained the choice of Android, saying, 'Android allows detailed management of security elements and makes it easier to deal with cyber attacks.'


in Mobile, Software, Security, Posted by log1o_hf