A new, "interaction-less" bug in iMessage was recently discovered that could allow hackers to gain access to your iPhone. The exploit being interaction-less means that you don't need to do anything—download any files or click any suspicious links—to get your device compromised. What's even worse, you don't even need to open the iMessage app for the exploit to work.
At the Black Hat security conference in Las Vegas this week, Google Project Zero researcher Natalie Silvanovich showed off a number of these so-called interaction-less bugs in iMessage that could be used to gain remote access to an iPhone.
Wired reports that Apple has already patched five of them, but there are a handful that are yet to receive the company;s attention.
Following the recently uncovered
vulnerabilities in WhatsApp, Silvanovich and her colleague Samuel Groß started investigating for similar exploits in SMS, MMS, and voicemail, but found none. Then, they shifted their attention to iMessage and started reverse engineering the app, which lead to some worrisome discoveries.
According to the researchers, the vulnerabilities that they uncovered in iMessage are likely a result of the complex (and ever-expanding) nature of the app. Apple's messaging client not only allows users to send each other files, voice messages, photos, and Animojis, but also has many integrations with third-party apps, like OpenTable and Airbnb. This makes securing every potential backdoor increasingly difficult, though the researchers claim that Apple is actually doing a good job.
Silvanovich says that iOS has many security checks in place, but the bug she and Groß discovered takes advantage of the underlying logic of the operating system, which makes it possible to bypass the security net. A potential attacker could send a targeted iMessage with specific content in it that Apple's servers would interpret in a certain way and send the target a message that would then automatically trigger the exploit, granting the attacker access to the phone.
Interaction-less bugs are highly sought after in the hacking community, as they don't require the target to do anything. The iMessage vulnerabilities discovered by the Google Project Zero members could fetch prices in the vicinity of "millions or even tens of millions" on the exploit market.
26 Comments
1. Tsepz_GP
Posts: 1177; Member since: Apr 12, 2012
posted on Aug 08, 2019, 3:55 AM 0
3. Papa_Ji
Posts: 885; Member since: Jun 27, 2016
posted on Aug 08, 2019, 4:08 AM 17
5. Tizo101
Posts: 609; Member since: Jun 05, 2015
posted on Aug 08, 2019, 4:23 AM 5
12. Tsepz_GP
Posts: 1177; Member since: Apr 12, 2012
posted on Aug 08, 2019, 6:07 AM 0
15. JCASS889
Posts: 630; Member since: May 18, 2018
posted on Aug 08, 2019, 7:15 AM 7
24. sgodsell
Posts: 7605; Member since: Mar 16, 2013
posted on Aug 08, 2019, 1:53 PM 1
8. cmdacos
Posts: 4334; Member since: Nov 01, 2016
posted on Aug 08, 2019, 4:41 AM 8
10. Back_from_beyond
Posts: 1475; Member since: Sep 04, 2015
posted on Aug 08, 2019, 5:00 AM 11
11. ph00ny
Posts: 2069; Member since: May 26, 2011
posted on Aug 08, 2019, 5:42 AM 1
4. Back_from_beyond
Posts: 1475; Member since: Sep 04, 2015
posted on Aug 08, 2019, 4:20 AM 9
7. shiv179
Posts: 193; Member since: Aug 08, 2012
posted on Aug 08, 2019, 4:31 AM 8
13. blingblingthing
Posts: 982; Member since: Oct 23, 2012
posted on Aug 08, 2019, 6:23 AM 7
14. Papa_Ji
Posts: 885; Member since: Jun 27, 2016
posted on Aug 08, 2019, 7:13 AM 8
16. lyndon420
Posts: 6897; Member since: Jul 11, 2012
posted on Aug 08, 2019, 7:44 AM 0
17. Vancetastic
Posts: 1798; Member since: May 17, 2017
posted on Aug 08, 2019, 9:07 AM 0
19. tedkord
Posts: 17481; Member since: Jun 17, 2009
posted on Aug 08, 2019, 11:39 AM 0
22. Vancetastic
Posts: 1798; Member since: May 17, 2017
posted on Aug 08, 2019, 1:26 PM 0
20. Tipus
Posts: 908; Member since: Sep 30, 2016
posted on Aug 08, 2019, 12:10 PM 1
21. TBomb
Posts: 1671; Member since: Dec 28, 2012
posted on Aug 08, 2019, 1:25 PM 0
23. Vancetastic
Posts: 1798; Member since: May 17, 2017
posted on Aug 08, 2019, 1:28 PM 3
25. lyndon420
Posts: 6897; Member since: Jul 11, 2012
posted on Aug 08, 2019, 4:44 PM 1
28. Vancetastic
Posts: 1798; Member since: May 17, 2017
posted on Aug 08, 2019, 8:47 PM 0
26. mackan84
Posts: 647; Member since: Feb 13, 2014
posted on Aug 08, 2019, 7:29 PM 0
30. andrewc31394
Posts: 304; Member since: Jun 23, 2012
posted on Aug 14, 2019, 8:18 AM 0
* Some comments have been hidden, because they don't meet the discussions rules.
PhoneArena Comments Rules
A discussion is a place, where people can voice their opinion, no matter if it is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please, contact us.
Comments Options
Report Post
Send a warning to post author
Send a warning to Selected user. The user has 0 warnings currently.
Ban user and delete all posts
Message to PhoneArena moderator (optional):