Whenever we think of a hacker breaking into our phone, we probably think of clicking a malicious link, unknowingly, and downloading malware on our devices. Turns out, that is not the only way. On an iPhone, a mere iMessage could leak your data stored on your phone to hackers.
Most of the iOS users who have not yet updated to iOS 12.4 are leaving themselves at the risk of getting spied on. More than 90% of iPhone users are prone to bugs that hackers could exploit without any involvement from the user end. These could reveal everything from notes, PDFs, to pictures, and videos saved on the phone.
iPhone Users Are at Risk of an iMessage Spy Attack
Apple has completely fixed about five to six critical bugs with the 12.4 iOS update that Google’s Project Zero revealed recently. As of August 1, only 9.6% of enterprise devices have upgraded their devices. As reported by Threatpost, CVE-2019-8624 and CVE-2019-8646 are the most dangerous as an attacker could read files remotely off an iPhone, without any kind of interactions from the victim.
Natalie Silvanovich, a researcher at Google Project Zero, plans to present Apple’s iOS iMessage client’s various interaction-less bugs at the Black Hat security conference that hackers could exploit to gain control of someone’s device. Apple has patched up five of these bugs, but a few still need to be fixed.
Silvanovich says that these could be converted into the kind of bugs that will execute code and then used for accessing your data. The worst-case scenario would be when these bugs are utilized to harm a user.
This vulnerability begins a compromise of the iOS sandbox and initiates the loading of the iMessage database, which puts the user’s device at risk. This weakness brings the iOS sandbox’s integrity into the limelight as it is one of the essentials of the entire iOS security model. This iMessage exploit is rather similar to a jailbreak, that bypasses the limitations put in place by Apple and the weakness exposes the file space on the device.
Also, anyone could easily use these vulnerabilities to target anyone, as their code is publicly available. Anyone who has a MacOS device and the iMessage account details/phone number of a victim could spy on the target. Anyone who possesses basic to advanced computing skills can use this code to hack an iPhone, which does not have the latest iOS update.
The recent WhatsApp vulnerability got Silvanovich interested in interaction-less bugs. These bugs allowed the nation-state spies to compromise a phone call even when it was not picked up. She assumed that iMessage would be a more secure target, but reverse engineering revealed plenty of vulnerabilities and exploitable bugs.
This could have happened because iMessage is a complex platform that provides numerous features and options to communicate. You can send videos, photos, and animojis. You can even integrate it with other apps, be it iTunes, Airbnb, Apple Pay, and Fandango. Combined, all of these increase the chances of risks and vulnerabilities.
One of the most interesting finds was a logic issue that any hackers could use to extract data out of a user’s message. A hacker could send a specially designed text message to the phone user, and the iMessage, in return, would send specific user data to him. It could be their text content or images. And what’s more? The victim doesn’t even have to open their iMessage app to trigger the attack.
Now, usually an iOS would block such an attack with its protections, but as it uses the system’s logic, the defenses take it as an intended and legitimate action. Other bugs found could allow malicious code to place itself on a victim’s device merely from an incoming text message.
National state hackers and exploit vendors seek interaction-less iOS bugs as they make it convenient for them to compromise the target without requiring any buy-in from the victim.
According to Silvanovich, “Bugs like this haven’t been made public for a long time. There’s a lot of additional attack surface in programs like iMessage. The individual bugs are reasonably easy to patch, but you can never find all the bugs in software, and every library you use will become an attack surface. So that design problem is relatively difficult to fix.”
Though iMessage’s security is potent overall, even a tech giant like Apple isn’t foolproof secure and have trouble in dealing with such conceptual issues. Silvanovich also looks for interaction-less bugs on Android devices but was unsuccessful so far. She found similar vulnerabilities in WhatsApp, FaceTime, and webRTC, a video conferencing protocol.
She says, “Maybe this is an area that gets missed in security. It doesn’t matter how good your crypto is if the program has bugs on the receiving end.”
Over the last few years, several incidents have made the companies more concerned and committed to user privacy. Every other day new spyware and apps are emerging in the market which spies and hackers can use to get hold of a person’s confidential and personal data. The past year witnessed a large number of data breaches and has made companies more concerned about the security measures they have in place.
Sadly, even the apps which are designed to cater to the worrying parents’ needs and assist them in keeping an eye on their children, while they are at work such as Xnspy, TrackMyFone, and the likes, could be used by hackers and spies to spy on your phone and steal your personal data and other sensitive information.
How to Protect Your iMessages from Spy Attacks
Xnspy and similar apps are equipped with a variety of features and provide excellent functionality for parents to access their child’s text messages, call logs, emails, web browsing history, locations, multimedia, social media activity, and a lot more. Imagine what a hacker could do if they get hold of such an app and use it with criminal intent. Though there are conditions involved with using these apps, but looks like that, with time, the hackers are getting better and better. No matter how many security provisions you put in place, they find some way around it. And thus, rendering the concept of digital privacy a myth.
Apple also discovered a bug earlier this year. The vulnerability was found in the FaceTime’s group calling feature, and the company had to take Group FaceTime offline for some time. The feature let people listen in before their call was accepted. It was found that Grant Thompson, the teen who found the bug had tried to contact and report the issue but was unsuccessful in getting a response. Eventually, Apple was able to fix the bug and rewarded bug bounty to Thompson. Apple is now more attentive to such reports which it receives through the vulnerability tips line.
That’s all folks!
Your best bet to keep yourself safe against interaction-less attacks is to always keep your phone’s operating system updated. Though Apple has patched up the fixes found by Silvanovich, apart from that, developers have to avoid introducing these kinds of bugs in their code or should spot them as fast as they can. These interaction-less attacks could be inexorable and there is not much that users can do to stop them after malicious calls/messages begin.
You may also like to read: