iMessage flaws leave iPhone open to hijacking

By

Messages iOS 10
That doesn't mean you should stop using it.
Photo: Apple

Security researchers have uncovered new flaws in iMessage that could give hackers control of your iPhone or iPad.

Apple has already patched five similar bugs, but several are still present in recent versions of iOS. What makes these particularly concerning is that a potential attack requires no input from the user.

Researchers call them “interaction-less” bugs. Hackers can exploit them to carry out an attack without first convincing a user to visit a malicious website or open a dangerous file.

An interaction-less bug uncovered in WhatsApp in May allowed spies to gain access to a user’s smartphone simply by calling it — even if the user didn’t answer.

Now similar flaws have been discovered in iMessage by Google Project Zero researchers Natalie Silvanovich and Samual Groß.

Beware iMessage attackers

“These can be turned into the sort of bugs that will execute code and be able to eventually be used for weaponized things like accessing your data,” Silvanovich told Wired.

“So the worst-case scenario is that these bugs are used to harm users.”

Attackers can exploit these bugs by sending a specially-crafted text message to an iPhone or iPad user, which would trigger Apple’s iMessage servers to send specific data back.

That data might include a user’s entire iMessage history, or their photos and videos.

Other attacks could allow malicious code to be executed on the victim’s device, giving an attacker complete control of it.

The attacks would be almost undetectable, and the user wouldn’t even have to open the incoming message to trigger them.

Can’t iOS prevent it?

iOS is famously the most secure mobile platform, with strong protections to keep your private data private. So you might think measures to prevent these kinds of exploits are already present.

But attacks that take advantage of interaction-less bugs do so by exploiting the system’s underlying logic, Wired explains. So, iOS sees them as legitimate and intended interactions.

And because these bugs make attacking a victim’s device so easy, with such a significant pay-off, they’re becoming increasingly popular among exploit vendors and nation-state hackers.

iMessage has countless flaws

Silvanovich has detailed six interaction-less bugs in iMessage so far, with more yet to be announced. And despite being relatively easy to fix, they are difficult to eliminate entirely.

“The individual bugs are reasonably easy to patch, but you can never find all the bugs in software, and every library you use will become an attack surface,” Silvanovich explains.

“So that design problem is relatively difficult to fix.”

Silvanovich notes that iMessage security is strong overall, and certainly not the only messaging platform with flaws — so you shouldn’t rush to stop using it just yet.