Reserves open for the new Samsung phones!

New iMessage exploit allows hackers to hijack your iPhone by simply sending you a message

By
27comments
Google News Follow
Follow us on Google News
iOS Apple
New iMessage exploit allows hackers to hijack your iPhone by simply sending you a message
A new, "interaction-less" bug in iMessage was recently discovered that could allow hackers to gain access to your iPhone. The exploit being interaction-less means that you don't need to do anything—download any files or click any suspicious links—to get your device compromised. What's even worse, you don't even need to open the iMessage app for the exploit to work.

At the Black Hat security conference in Las Vegas this week, Google Project Zero researcher Natalie Silvanovich showed off a number of these so-called interaction-less bugs in iMessage that could be used to gain remote access to an iPhone. Wired reports that Apple has already patched five of them, but there are a handful that are yet to receive the company;s attention.

Following the recently uncovered vulnerabilities in WhatsApp, Silvanovich and her colleague Samuel Groß started investigating for similar exploits in SMS, MMS, and voicemail, but found none. Then, they shifted their attention to iMessage and started reverse engineering the app, which lead to some worrisome discoveries.

According to the researchers, the vulnerabilities that they uncovered in iMessage are likely a result of the complex (and ever-expanding) nature of the app. Apple's messaging client not only allows users to send each other files, voice messages, photos, and Animojis, but also has many integrations with third-party apps, like OpenTable and Airbnb. This makes securing every potential backdoor increasingly difficult, though the researchers claim that Apple is actually doing a good job.

Silvanovich says that iOS has many security checks in place, but the bug she and Groß discovered takes advantage of the underlying logic of the operating system, which makes it possible to bypass the security net. A potential attacker could send a targeted iMessage with specific content in it that Apple's servers would interpret in a certain way and send the target a message that would then automatically trigger the exploit, granting the attacker access to the phone.

Interaction-less bugs are highly sought after in the hacking community, as they don't require the target to do anything. The iMessage vulnerabilities discovered by the Google Project Zero members could fetch prices in the vicinity of "millions or even tens of millions" on the exploit market.

Grab Surfshark VPN now at more than 50% off and with 3 extra months for free!

Secure your connection now at a bargain price!


We may earn a commission if you make a purchase

Check Out The Offer
Loading Comments...

Latest Discussions

Stop Playing

by Doug Fresh 123 • 3

Is buying a Fairphone really ethical?

by DomtheCuber • 4

Samsung Galaxy S23 recall?

by la19CSK • 5
Start Discussion View All

Recommended Stories

Popular stories

Google says you must disable this setting now to stop attacks from malicious texts
Google says you must disable this setting now to stop attacks from malicious texts
Promised T-Mobile feature is live in T-Life for real this time
Promised T-Mobile feature is live in T-Life for real this time
Latest Verizon offer is so good that its legitimacy is being questioned
Latest Verizon offer is so good that its legitimacy is being questioned
Two Apple Watch models are reportedly about to get major upgrades — and one is long overdue
Two Apple Watch models are reportedly about to get major upgrades — and one is long overdue
Samsung Galaxy Z Fold 7 sold me on foldables before the foldable iPhone could
Samsung Galaxy Z Fold 7 sold me on foldables before the foldable iPhone could
The Galaxy Watch 8 Classic leaks again and this time we got real world images
The Galaxy Watch 8 Classic leaks again and this time we got real world images

Latest News

BOE readies for a comeback… but is Apple even watching?
BOE readies for a comeback… but is Apple even watching?
One of Google’s most useful Apple Watch apps is suddenly gone
One of Google’s most useful Apple Watch apps is suddenly gone
More signs point to Apple's mystery MacBook with an iPhone chip
More signs point to Apple's mystery MacBook with an iPhone chip
The Amazon Echo Buds with ANC are a steal at 68% off ahead of Prime Day
The Amazon Echo Buds with ANC are a steal at 68% off ahead of Prime Day
You can't turn down Google's first-gen Pixel Fold at these phenomenal new prices!
You can't turn down Google's first-gen Pixel Fold at these phenomenal new prices!
The Galaxy Tab S10 FE and FE+ are sweetly discounted on Amazon once again
The Galaxy Tab S10 FE and FE+ are sweetly discounted on Amazon once again
FCC OKs Cingular\'s purchase of AT&T Wireless