Have you ever thought about the ways in which hackers can break into your smartphone or your computer? If you did, then you must have probably thought about ways like clicking vicious links in a given text. Or maybe by downloading a malicious application. Franky, there is no end to how hackers can infiltrate your electronic gadget.
But surprisingly, that is not always the case!
Yes, there are many more eccentric ways in which hackers can insinuate in your happy life. You will be shocked to know that, just by receiving an iMessage on your iPhone can subject your security to a great threat. A mere text is all a hacker needs to turn your life upside down.
Black Hat Security Conference- Las Vegas
In the conference, Natalie Silvanovich, Google’s project manager, came out with a number of interaction-less bugs. These bugs were present in Apple’s iOS iMessage. These faults can be used by insidious entities for exploiting and gaining control of a user’s device.
Even though Apple has fixed a few of them, some are still left to be patched.
According to Google’s project manager, these bugs can be used for creating the code and can also be used for accessing your data without any permission. This means they can be used for harming the user’s personal information also.
There is a reason why Natalie and her fellow Project member Samuel Groß, got highly interested in these interaction-less bugs. The recent dramatic WhatsApp vulnerability, that permitted the spies to compromise a smartphone just by calling it, dragged their interest.
She even scanned visual voicemail, SMS, and MMS for similar problems, but could not find any. She thought that iMessage is more confined target. But then, they started reverse engineering, and in addition to this, they started looking for faults. And indeed, she found a glut of bugs that can be easily exploited.
But What Is The Reason Behind It?
The reason behind the presence of a number of bugs is the fact that it is such a complex platform. iMessage offers a vast array of features and communication options. It includes features like;
- Integration Option- with an app like iTunes, Airbnb, Apple Pay
- Sharing of videos, photos, and files
And these interconnections and extensions are the reason behind the weakening of the structure.
What Did They Find?
The fundamental logic issue was one of the most engaging and interesting interaction-less bug, Google’s project manager found. This bug could have easily allowed a hacker to fetch information and data from any user’s messages.
Infiltrators could very easily send a malicious text message, in order to target the user. After that iMessage server would simply send the user data back. Similarly like the content of their messages or images.
The victims, on the other hand, would not even notice. They don’t even need to open that message for that attack to work. iOS usually has a protective wall that blocks such attacks. But since it takes advantage of the system’s fundamental logic issue, the iOS defence mechanism interprets it as an intended situation.
Other bugs that they found had the capability to put the vicious code on an user’s device. And this complete situation is possible by just a simple incoming text.
Do You Know Who Actually Exploit These Bugs?
iOS interaction less bugs are hugely desired by nation-state hackers or exploit vendors. This is because these bugs simplify the complete process by making it easy to compromise the target’s device, and that too without even requiring any permission from the user/ victim.
The other six bugs that Google’s project manager found are yet to be announced. These vulnerabilities would be worth a fortune for the entire exploit market.
But it is going to be interesting to see the future developments that are going to be made in order to combat this situation. Till then just stay tuned to this space for more information.4