Comment by manuelabeledo
2 years ago
To be fair, that was just Kaspersky taking a jab at Apple, after being absolutely gutted by hackers because of their own poor security posture.
I don’t really see anything wrong with their security posture here.
For starters, it took them four years to detect an intrusion that takes advantage of a messaging service (iMessage) that wasn't the corporate choice for internal communications, and allowed the exfiltration of gigabytes of data from the C-suite and high level managers.
This is Kaspersky. They had to be aware of the long history of iMessage security bugs. They could have disabled it. They chose to ignore it instead.
This is an exploit from an adversary that reversed undocumented MMIO registers to completely bypass kernel write protections. Do you honestly believe that disabling iMessage would keep them out? They’d just field the exploit using Exchange or HomeKit or any of the dozen other ways there are to get content onto the devices.
Article says large data files were sent from device to servers. Perhaps they could have configured their networks to detect/block this part.
The whole story starts with them detecting the anomalous network traffic, so not sure what you think they did wrong.
They did, because they detected it using their network monitoring stack.
This would have a very high false positive rate.