{"id":5916,"date":"2024-01-03T22:58:37","date_gmt":"2024-01-03T21:58:37","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5916"},"modified":"2024-01-03T22:58:37","modified_gmt":"2024-01-03T21:58:37","slug":"operacija-triangulation-nova-analiza","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2024\/01\/03\/operacija-triangulation-nova-analiza\/","title":{"rendered":"Operation Triangulation: New Analysis"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Security researchers at <em>Kaspersky<\/em> have <a href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/2023_connecting-the-dots-kaspersky-reveals-in-depth-insights-into-operation-triangulation\" target=\"_blank\" rel=\"noopener\">published new technical details<\/a> about Operation <em>Triangulation<\/em>, an extremely sophisticated <em>iOS<\/em> spyware attack discovered <a href=\"https:\/\/sajberinfo.com\/en\/2023\/06\/04\/napad-na-iphone-operation-triangulation\/\" target=\"_blank\" rel=\"nofollow noopener\">earlier this year<\/a>. 
The attack exploited multiple <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/zero-day\/\" target=\"_blank\" rel=\"nofollow noopener\">zero-day<\/a> vulnerabilities to silently compromise <em>iPhone<\/em> devices and install spyware without any user interaction.<\/span><\/p>\n<div id=\"attachment_5920\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5920\" class=\"size-full wp-image-5920\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulation.jpg\" alt=\"Triangulation\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulation.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulation-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulation-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulation-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulation-12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulation-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulation-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5920\" class=\"wp-caption-text\"><em>Operation Triangulation: New Analysis; Source: Bing Image Creator<\/em><\/p><\/div>\n\n<h2><span class=\"ez-toc-section\" id=\"iMESSAGE_RANJIVOST\"><\/span><strong><span style=\"font-size: 14pt;\"><em>iMESSAGE<\/em> VULNERABILITY<\/span><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">According to available information, the <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> was initially delivered to <em>iPhone<\/em> devices via malicious <em>iMessage<\/em> messages. The messages contained exploits that silently infected devices without any user interaction, allowing the attackers to install spyware that collected data including recordings, photos, location and much more.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Even after infected <em>iPhone<\/em> devices were rebooted, the attackers would send new messages to exploit them again. This allowed the campaign to run undetected for years.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Analysis by <em>Kaspersky<\/em> revealed that Operation <em>Triangulation<\/em> used an extremely advanced exploit chain of four zero-day vulnerabilities to bypass the security protections of <em>iPhone<\/em> devices and gain full control over the device's system. 
<em>Apple<\/em> has since fixed all four vulnerabilities, which are tracked as:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/support.apple.com\/en-us\/103837\" target=\"_blank\" rel=\"noopener\">CVE-2023-32434<\/a><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/support.apple.com\/en-us\/HT213676\" target=\"_blank\" rel=\"noopener\">CVE-2023-32435<\/a><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/support.apple.com\/en-us\/HT213841\" target=\"_blank\" rel=\"noopener\">CVE-2023-38606<\/a><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><a href=\"https:\/\/support.apple.com\/en-us\/HT213842\" target=\"_blank\" rel=\"noopener\">CVE-2023-41990<\/a><\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\">The malicious activity targeted vulnerabilities in areas such as the <em>kernel<\/em> of the <em>iOS<\/em> operating system, the <em>Safari<\/em> browser and font rendering. The combination of these vulnerabilities allowed the attackers to obtain <em>root<\/em> privileges on devices and disable security features such as kernel code signing.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The most interesting finding by the security researchers was the use of an unknown hardware vulnerability that allowed the attackers to bypass advanced memory protection. The protection in question is called the <em>Page Protection Layer<\/em>, which prevents even kernel-level malware from arbitrarily executing code and modifying data.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"TAJNA_iPHONE_FUNKCIJA\"><\/span><span style=\"font-size: 14pt;\"><strong>SECRET <em>iPHONE<\/em> FEATURE<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Using reverse engineering, the security researchers discovered that <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious actors<\/a> used secret memory registers tied to an undocumented hardware feature to disable the Page Protection Layer.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">These registers do not appear in <em>Apple<\/em> documentation, so the security researchers assume the feature was probably intended for internal testing or debugging and was accidentally left accessible. Attackers who exploit such a secret hardware feature demonstrate an enviable level of capability. It is currently not known how they learned of this vulnerability.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"FUNKCIONISANJE_ISKORISTAVANJA_RANJIVOSTI\"><\/span><span style=\"font-size: 14pt;\"><strong>HOW THE EXPLOITATION WORKS<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The attack on the device begins with exploitation of <em>CVE-2023-41990<\/em>, a vulnerability in the <em>Apple<\/em> implementation of the <em>TrueType<\/em> font which, combined with various attack techniques, allowed the attacker to bypass the exploit-mitigation security mechanism. The process continues with remote code execution at minimal system privileges. 
After exploiting <em>CVE-2023-41990<\/em> for initial access, the attackers target the <em>iOS<\/em> kernel using <em>CVE-2023-32434<\/em> and <em>CVE-2023-38606<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>CVE-2023-32434<\/em> is a memory vulnerability in an <em>XNU<\/em> mechanism designed to withstand memory corruption attempts within the <em>iOS<\/em> kernel. The attacker then exploits <em>CVE-2023-38606<\/em>, which involves the secret <em>MMIO<\/em> registers and lets the attacker bypass the Page Protection Layer, which is supposed to prevent malicious code injection and kernel modification even after the kernel has been compromised.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Next, the attacker exploits the Safari browser vulnerability tracked as CVE-2023-32435 to execute a command shell. 
Through the command shell, <em>CVE-2023-32434<\/em> and <em>CVE-2023-38606<\/em> are exploited again to give the attacker the <em>root<\/em> access needed to install the spyware.<\/span><\/p>\n<div id=\"attachment_5921\" style=\"width: 1930px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5921\" class=\"size-full wp-image-5921\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulations-attack-chain.webp\" alt=\"attack chain\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulations-attack-chain.webp 1920w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulations-attack-chain-300x169.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulations-attack-chain-1024x576.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulations-attack-chain-768x432.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulations-attack-chain-1536x864.webp 1536w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/01\/Operation-Triangulations-attack-chain-18x10.webp 18w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><p id=\"caption-attachment-5921\" class=\"wp-caption-text\"><em>Operation Triangulation\u2019s attack chain; Image: Kaspersky<\/em><\/p><\/div>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">This attack shows that advanced, motivated attackers can discover and exploit obscure hardware vulnerabilities to bypass platform protections. 
According to <em>Kaspersky<\/em>, this represents a failure of the \u201c<em>security by obscurity<\/em>\u201d approach in hardware security.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">It also shows that recent security improvements in the <em>iOS<\/em> operating system such as <em>PPL<\/em> and <em>PAC<\/em> are not resilient against unknown hardware flaws. Hardware-focused vulnerabilities are especially challenging because they cannot be fixed by regular software updates. Exploits targeting them can remain viable for years across multiple versions of the <em>iOS<\/em> operating system.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The complete exploitation process for these vulnerabilities works on all versions of the <em>iOS<\/em> operating system up to version <em>16.2<\/em>, and in versions <em>16.3<\/em> and <em>16.4<\/em> of the <em>iOS<\/em> operating system <em>Apple<\/em> fixed the vulnerabilities in question. For users, this underlines the importance of updating and of caution with unknown links in all kinds of messages.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Security researchers at Kaspersky have published new technical details about Operation Triangulation, an extremely sophisticated iOS spyware attack discovered earlier this year. 
The attack exploited multiple zero-day vulnerabilities to silently compromise iPhone devices&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5920,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[663,186,342,595,662],"class_list":["post-5916","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-imessage","tag-ios","tag-iphone","tag-safari","tag-triangulation"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5916"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5916\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5920"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}