Table of contents:
As every year, at the Black Hat security conference held in Las Vegas, a lot of security flaws and exploits are discovered that would cost millions and millions on the black market. We recently talked about an error in WhatsApp that allows your messages to be falsified and now it's time to talk about iPhone and the operating system iOS
Researchers from the Google Project Zero group have discovered a bug in iMessage that allows an attacker to access an iPhone without the victim's interaction In other words, hackers could get into your iPhone without having to do anything. This exploit means that they can break the security of your mobile without the need for you to click on a link, download a file or send a message. Therefore, the severity of the matter is important.
Apple is already working to fix the problem in iMessage
Hackers being able to remotely take control of your phone without any interaction from you is very serious and Apple is already working on the problem. Researchers have been looking for similar errors in SMS, MMS and voice messages but have found nothing. However, in iMessage there are many and Apple is working to fix them. From Cupertino assures that they have already solved 5 of them but there is still a lot of code to review.
The bug is due to the nature of the application, so a lot of reverse engineering will be required to fully fix it.The vulnerability found in iMessage is really complex and it is not only because iMessage allows sending files, voice messages, photos or animojis, but also because the integration with third-party applications such as OpenTable or Airbnb makes the problem have a complex solution. There are many ways to get in through the back door because of these integrations.
A mistake like this would cost millions of dollars on the black market
iOS is a secure system, which enjoys many security checks. However, this exploit accesses the operating system through a backdoor and bypasses security without the victim detecting the attacker Simply send a specific message to an account iMessage that servers will misinterpret, giving the attacker remote access in a matter of seconds.
That the attack requires no user interaction makes it very dangerous, and if the Google Project Zero team hadn't revealed the details to Apple they could have sold this exploit for many millions of dollars on the black marketAlthough, obviously, that's not going to happen…
