PREDATOR STRIKES AGAIN

3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone

Apple patches 3 zero-days after they were used in a sophisticated attack.

Dan Goodin
Credit: Getty Images

Apple has patched a potent chain of iOS zero-days that were used to infect the iPhone of an Egyptian presidential candidate with sophisticated spyware developed by a commercial exploit seller, Google and researchers from Citizen Lab said Friday.

The previously unknown vulnerabilities, which Apple patched on Thursday, were exploited in clickless attacks, meaning they didn’t require a target to take any steps other than to visit a website that used the HTTP protocol rather than the safer HTTPS alternative. A packet inspection device sitting on a cellular network in Egypt kept an eye out for connections from the phone of the targeted candidate and, when spotted, redirected it to a site that delivered the exploit chain, according to Citizen Lab, a research group at the University of Toronto’s Munk School.

A cast of villains, 3 0-days, and a compromised cell network

Citizen Lab said the attack was made possible by participation from the Egyptian government, spyware known as Predator sold by a company known as Cytrox, and hardware sold by Egypt-based Sandvine. The campaign targeted Ahmed Eltantawy, a former member of the Egyptian Parliament who announced he was running for president in March. Citizen Lab said the recent attacks were at least the third time Eltantawy’s iPhone has been attacked. One of them, in 2021, was successful and also installed Predator.


“The use of mercenary spyware to target a senior member of a country’s democratic opposition after they had announced their intention to run for president is a clear interference in free and fair elections and violates the rights to freedom of expression, assembly, and privacy,” Citizen Lab researchers Bill Marczak, John Scott-Railton, Daniel Roethlisberger, Bahr Abdul Razzak, Siena Anstis, and Ron Deibert wrote in a 4,200-word report. “It also directly contradicts how mercenary spyware firms publicly justify their sales.”

The vulnerabilities, which are patched in iOS versions 16.7 and iOS 17.0.1, are tracked as:

  • CVE-2023-41993: Initial remote code execution in Safari
  • CVE-2023-41991: PAC bypass
  • CVE-2023-41992: Local privilege escalation in the XNU Kernel

According to research published Friday by members of Google’s Threat Analysis Group, the attackers who exploited the iOS vulnerabilities also had a separate exploit for installing the same Predator spyware on Android devices. Google patched the flaws on September 5 after receiving a report by a research group calling itself DarkNavy.

“TAG observed these exploits delivered in two different ways: the MITM injection and via one-time links sent directly to the target,” Maddie Stone, a researcher with the Google Threat Analysis Group, wrote. “We were only able to obtain the initial renderer remote code execution vulnerability for Chrome, which was exploiting CVE-2023-4762.”

The attack was complex. Besides leveraging three separate iOS vulnerabilities, it also relied on hardware made by a manufacturer known as Sandvine. Sold under the brand umbrella PacketLogic, the hardware sat on the cellular network the targeted iPhone used and monitored the traffic passing over it, watching for Eltantawy’s phone. Despite the precision, Citizen Lab said that the attack is blocked when users turn on a feature known as Lockdown Mode, which Apple added to iOS last year. More about that later.

There’s little information about the iOS exploit chain other than that it triggered automatically when a target visited a site hosting the malicious code. Once there, the exploits installed Predator with no further user action required.

To surreptitiously direct the iPhone to the attack site, the attackers only needed it to visit any HTTP site. Over the past five years or so, HTTPS has become the dominant means of connecting to websites because the encryption it uses prevents adversary-in-the-middle attackers from monitoring or manipulating data sent between the site and the visitor. HTTP sites still exist, and sometimes HTTPS connections can be downgraded to unencrypted HTTP ones.

Once Eltantawy visited an HTTP site, the PacketLogic device injected data into the traffic that surreptitiously connected the Apple device to a site that triggered the exploit chain.

Network diagram showing the Spyware Injection Middlebox located on a link between Telecom Egypt and Vodafone Egypt.

Predator, the payload installed in the attack, is sold to a wide array of governments, including those of Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia. Citizen Lab has said that Predator was used to target Ayman Nour, a member of the Egyptian political opposition living in exile in Turkey, and an Egyptian exiled journalist who hosts a popular news program and wishes to remain anonymous. Last year researchers from Cisco's Talos security team exposed the inner workings of the malware after obtaining a binary of it.

Unraveling the mystery

The Citizen Lab research didn’t conclude whether the middlebox device resided on the outer edge of the Telecom Egypt network, which is wholly state-owned, or the Vodafone Egypt network, a majority share of which is owned by Vodacom. Several factors, though, led the researchers to suspect the Sandvine device was inside the Vodafone Egypt network. The researchers wrote:

We cannot conclude from technical data alone whether the middlebox sits on the Telecom Egypt side or the Vodafone Egypt side of the link. However, we suspect that it is within Vodafone Egypt’s network, because precisely targeting injection at an individual Vodafone subscriber would require integration with Vodafone’s subscriber database.

Also, given that the injection is operating inside Egypt, the spyware is sold to government agencies, and Egypt is a known Predator customer, it is highly unlikely that this targeting occurred and that this setup was established outside of the purview of Egyptian authorities.

Attributing the party using the PacketLogic device to redirect the iPhone was also difficult. Normally, the researchers would have sent traffic from Eltantawy’s infected phone and mapped the path it took to its final destination. A separate middlebox, likely used for benign traffic management, made that method infeasible because traffic the researchers sent from the infected phone terminated at that middlebox.

The researchers resorted to a less traditional approach.

We identified two design choices in the injector, which, together, enabled us to localize the injection “in reverse”, from a measurement server we controlled. First, the injector attempts to mask its presence by copying IP TTL values it receives into packets it injects. Second, when injecting a response to a client “from” a server, the injector takes the server’s TTL to be the TTL from the first SYN/ACK it sees for a TCP connection, while ignoring TTL values in subsequent SYN/ACKs.

Together, these two design choices allow us to use our measurement server to “prime” the injector to inject a TTL = 1 packet to the client. To do this, our measurement server responds to a SYN by sending a SYN/ACK that reaches the injector with TTL = 1, and then sending a follow-up SYN/ACK with somewhat higher TTL such that it reaches the traffic management middlebox, completes the connection, and causes the traffic management middlebox to send the HTTP GET request that triggers the injection.

When the HTTP GET request reaches the injector, the injector sends a packet back to the client with TTL = 1. Because the injector is not directly adjacent to the client, the router immediately downstream from the injector will determine the packet is expired, and notify the sender of the injected packet. Because the injector spoofs the packet to come from our measurement server, the router identifies itself to us, notifying our measurement server of the packet’s expiry.

Diagram showing how Citizen Lab forced the PacketLogic Middlebox to inject a packet containing an HTTP 307 redirect with IP TTL of 1. Part of the packet was ultimately returned in an ICMP Time Exceeded message, allowing the researchers to identify the next-hop downstream towards the victim.
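The "reverse" localization described in the quoted passage, as an added simulation that is not Citizen Lab's code: a measurement server sweeps the priming TTL, a modeled injector copies the TTL it learned from the first SYN/ACK into its spoofed 307, and the router one hop past the injector expires that packet and reports itself back to the spoofed source. The path, addresses and node names are constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    kind: str   # SYNACK, GET or HTTP307

# Constructed path, measurement server first, victim last; every node that is
# not a host or a middlebox is a router that decrements TTL.
PATH = ["203.0.113.10", "198.51.100.1", "injector", "198.51.100.2", "tm", "client"]
NON_ROUTERS = {PATH[0], "injector", "tm", "client"}

def injector_see(server_ttl, pkt, conn):
    """Choice 1: copy the server's TTL into the injected packet. Choice 2: learn it from the FIRST SYN/ACK only."""
    if pkt.kind == "SYNACK":
        server_ttl.setdefault(conn, pkt.ttl)           # later SYN/ACKs are ignored
    if pkt.kind == "GET" and conn in server_ttl:       # the GET triggers a spoofed 307
        return Packet(pkt.dst, pkt.src, server_ttl[conn], "HTTP307")
    return None

def forward(pkt, src_idx, dst_idx):
    """Carry pkt hop by hop: (pkt, None) on delivery, or (None, (router, kind)) when a router expires it."""
    step = 1 if dst_idx > src_idx else -1
    for i in range(src_idx + step, dst_idx + step, step):
        if PATH[i] in NON_ROUTERS:
            continue
        pkt.ttl -= 1
        if pkt.ttl == 0:                 # ICMP Time Exceeded goes to pkt.src, quoting the header
            return None, (PATH[i], pkt.kind)
    return pkt, None

def run_probe(first_ttl, conn):
    """SYN/ACK #1 carries first_ttl; SYN/ACK #2 reaches tm, which answers with the GET that triggers injection."""
    server_ttl, inj_i, tm_i = {}, PATH.index("injector"), PATH.index("tm")
    for ttl in (first_ttl, 64):
        arrived, _ = forward(Packet(PATH[0], "client", ttl, "SYNACK"), 0, inj_i)
        if arrived:                          # reached the injector, which notes the TTL it sees
            injector_see(server_ttl, arrived, conn)
            forward(arrived, inj_i, tm_i)    # #1 may expire past the injector; #2 completes the handshake
    get, _ = forward(Packet("client", PATH[0], 64, "GET"), tm_i, inj_i)
    spoof = injector_see(server_ttl, get, conn)
    return forward(spoof, inj_i, tm_i)[1] if spoof else None   # ICMP received by the measurement server

def localize():
    """Sweep the priming TTL until the injected 307 dies one hop past the injector; the ICMP source is that router."""
    for ttl in range(1, 32):
        icmp = run_probe(ttl, f"conn{ttl}")
        if icmp and icmp[1] == "HTTP307":
            return ttl, icmp[0]
    return None
```

In this model the priming TTL of 2 arrives at the injector as 1, so the spoofed 307 expires at 198.51.100.2, the constructed next hop toward the victim. Had the injector copied the TTL of the most recent SYN/ACK instead of the first, the second SYN/ACK would overwrite the primed value and the sweep would find nothing.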

Eltantawy was also targeted in SMS messages that attempted to lure him to various malicious sites.

Malicious texts sent to the targeted iPhone.

A translation of the texts:

Good evening, Mr. Ahmed Tantawy

This is Angie Raouf from FIDH organization for human rights.

I was doing a case study on the elections in the middle east, and I wanted to ask you about [[ LINK ]] and whether there is harassment from the government towards the candidate Ahmed Tantawi.

Thank you very much

This is Angie Raouf. I work at the International Federation for Human Rights FIDH, I was doing a study about elections in the Middle East, and wanted to take Egypt as a case study. Are there elections in Egypt, or is it just a comic play?

If you allow me, I would like to get the opinion of those opposed to the Egyptian regime as their point of view.

At the beginning, I would like to start with an article written by Wael Qandeel, and what do you think of it [[ LINK ]]

How do you think elections should be done, so it won’t become a comic play.

I wanted elections even if it wasn’t fair or just, but sadly I can’t even see it as elections.

I know that you are very busy, but I would be grateful if you could help me in my research.

Blocking malware attacks on Apple devices

As mentioned earlier, anyone concerned that their iPhone, iPad, or macOS device may be in the crosshairs of attackers can always enable Lockdown mode on their device. Turning it on prevents the device from using capabilities that are most often abused in malware attacks, such as receiving attachments in emails or texts or receiving FaceTime calls from people not in the user’s contacts list. In security parlance, this approach significantly reduces the device's attack surface.

To do that for iPhones and iPads:

  1. Open the Settings app.
  2. Tap Privacy & Security.
  3. Scroll down, tap Lockdown Mode, then tap Turn On Lockdown Mode.
  4. Tap Turn On Lockdown Mode.
  5. Tap Turn On & Restart, then enter your device passcode.

On a Mac, the flow is:

  1. Choose the Apple menu > System Settings.
  2. From the sidebar, click Privacy & Security.
  3. Scroll down, click Lockdown Mode, then click Turn On.
  4. Click Turn on Lockdown Mode. You might need to enter the user password.
  5. Click Turn On & Restart.

While Android has a mode that many refer to as lockdown, that feature only requires someone to use their passcode to unlock their device, rather than using a biometric. Lockdown for Android doesn’t reduce any other attack surface.

It’s always advisable to install security updates as soon as possible.

People who think they may have been targeted in this campaign should check to see if they have received links to, or if their device has visited, any of the following URLs:


The skill, money, and effort devoted to successfully infecting Eltantawy are a sobering reminder that any device can be infected. That said, most people will never be targeted in these types of attacks. Exploit chains like the ones used against Eltantawy typically sell for millions of dollars. In this case, the attack also required the compromise of a cellular network through either a separate exploit or the participation of an insider. Once such a campaign comes to light, the attackers must start over from scratch. The high price and the fragility of the exploits make attackers extremely selective when choosing targets.

The resources required are considerable and prevent attacks like these from being mass-produced.

Dan Goodin, Senior Security Editor
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him on Mastodon and Bluesky. Contact him on Signal at DanArs.82.