Just when you thought the idea of someone hacking your iPhone couldn’t get any scarier, a new iMessage bug has been discovered. The scariest thing about this new vulnerability is that it is interaction-less. In other words, the recipient doesn’t have to click anything or even open the iMessage app. A hacker can hack into your iPhone simply by sending a text message.
iMessage bug discovered
Google Project Zero researcher Natalie Silvanovich found the bug and spoke about it at the Black Hat security conference in Las Vegas. In fact, Silvanovich showed off several such interaction-less bugs affecting iMessage, WIRED reports. The report adds that Apple has patched about five of these exploits, but a few remain.
The report reveals how Silvanovich and fellow Project Zero member Samuel Groß recently got into researching interaction-less bugs. After a similar WhatsApp vulnerability was uncovered, the two researchers looked for similar loopholes in SMS, MMS, and voicemail, but found none. Then they turned their attention to iMessage and found some worrisome results.
Speaking of such interaction-less bugs, the report quotes Silvanovich as saying, “These can be turned into the sort of bugs that will execute code and be able to eventually be used for weaponized things like accessing your data. So the worst-case scenario is that these bugs are used to harm users.” According to the researchers, these interaction-less bugs are highly sought after by hackers because they require no input from the victim. This is why such bugs can fetch “millions or tens of millions” in the hacking community.
Apple has several safeguards in place to protect its operating systems and native apps. But the iMessage vulnerabilities are a result of the complex nature of the messaging app. The ever-expanding app has moved beyond just sending and receiving messages. Now, users can send multimedia files and Animojis, and interact with a wide variety of third-party apps.
The researchers claim that the bugs they found take advantage of the underlying logic of the iOS operating system, which makes it possible to bypass Apple’s security net. This means a hacker could send a message with specific content, and Apple’s servers will interpret it as a normal text. This would then automatically trigger the exploit, granting the attacker access to the phone.