At a Black Hat security conference in Las Vegas, Google Project Zero expert Natalie Silvanovich talked about security issues in the iMessage client.
If these bugs are successfully exploited, an attacker can gain control of the user’s device. So far, Apple has fixed five such vulnerabilities, while several more bugs still require separate patches.

“These can be turned into the sort of bugs that will execute code and be able to eventually be used for weaponized things like accessing your data. So the worst-case scenario is that these bugs are used to harm users,” stated Silvanovich.
The Google Project Zero expert began looking for these vulnerabilities after the widely reported security problems in the WhatsApp messenger.
Recall that the WhatsApp vulnerability allowed an attacker to install spyware on iPhone and Android devices simply by placing a call to the victim. Silvanovich checked SMS, MMS and voicemail for similar bugs; they came up empty, and nothing could be found.
After that, the specialist suggested that iMessage might have similar problems. She reverse engineered the Apple product and immediately found several vulnerabilities that a potential attacker could exploit.
One reason for these weaknesses may be the way iMessage works: it is a rather complex platform that bundles a whole set of functions and capabilities, each of which adds attack surface.
Silvanovich found one of the most interesting problems in the fundamental logic of the application: an attacker could easily extract data from the user’s text messages. To do this, the attacker only needs to send a specially crafted text message to the user, and the iMessage server responds with certain data belonging to the targeted victim, including the contents of text messages and the images they have sent and received.
The victim would not even have to open the iMessage application for the attack to work. iOS has defenses that would typically block an attack like this one, but because the attack abuses the system’s underlying logic rather than corrupting memory, those defenses treat the exchange as legitimate and intentional.
Other bugs discovered by the researcher lead to the execution of malicious code on the device. They, too, can be triggered by a single text message, with no interaction from the victim.
“There’s a lot of additional attack surface in programs like iMessage. The individual bugs are reasonably easy to patch, but you can never find all the bugs in software, and every library you use will become an attack surface. So that design problem is relatively difficult to fix,” reported Natalie Silvanovich.
Recommendations:
In the recently released iOS 12.4 and macOS 10.14.6 updates, Apple fixed all six iMessage bugs that Silvanovich found.
The best thing you can do to protect yourself from interaction-less attacks is to keep your phone’s operating system and applications up to date, since the patch is the only thing standing between a malicious message and your device. Beyond that, developers should avoid introducing such bugs in their code in the first place, or at least find them as quickly as possible. Given how merciless interaction-less attacks can be, users can do little to stop them once malicious messages or calls arrive.