The Mystery of CVE-2023-38606: Apple's Secret iPhone Backdoor Exposed?

AI-created, human-edited.

In the latest episode of the acclaimed cybersecurity podcast Security Now, hosts Steve Gibson and Leo Laporte uncovered shocking details about a secret backdoor mechanism hidden within iPhones that allowed sophisticated hacking and spying.

The vulnerability, labeled CVE-2023-38606, was discovered by researchers at Kaspersky after noticing strange activity on employee iPhones. What they revealed was astonishing - a deliberately concealed backdoor system across five generations of iPhone processors that allowed hackers to bypass iPhone security defenses altogether.

As Gibson detailed in-depth, this system was extremely sophisticated - requiring the use of multiple iOS vulnerabilities and secret unlock commands hashed with an obscure algorithm to leverage. The researchers could find absolutely no legitimate documentation or reference to these hidden backdoor features anywhere within Apple's code.

So, how did cybercriminals gain access to unlock and exploit this covert iPhone access mechanism? Laporte offered his opinion that a state-level actor like the NSA likely compelled Apple to build it in, giving those agencies full access while keeping it completely obscured from everyone else.

As Laporte explained, U.S. companies often have no choice but to comply with government surveillance demands due to laws like the Patriot Act. And the sophistication and secrecy around this backdoor system have all the hallmarks of an Apple-assisted NSA spying tool.

Gibson agreed this seems the most plausible explanation - though the full truth may never be told without confirmation from Apple. The multi-stage exploit combined with secretly guarded access protocols point to the iPhone maker's voluntary participation, however unwilling they may have been.

The most troubling implication, according to Laporte, is that Apple could easily reintroduce similar hidden access mechanisms into future iPhones without users being any the wiser. Only the barest sliver of the security community would even understand the technical details involved in such covert systems.

While Apple has now patched the exact vulnerabilities uncovered by Kaspersky, without transparency from Apple, the hosts agreed, that user trust in the privacy and security of iPhones has been profoundly damaged.

This shocking iPhone backdoor story highlights that even the biggest privacy-focused tech companies may contain relationships with government spies coerced through secret demands. Users must weigh these potential betrayals of trust against the still-significant security protections Apple devices aim to provide.

Become a subscriber and never miss an episode: Security Now