iOS Flaws let hackers break into iPhones by just sending a text

By Prakhar Khanna | Updated Aug 27 2019
iOS Flaws let hackers break into iPhones by just sending a text

Samsung 40" Smart 7-in-1 Full HD Smart LED TV @ Rs.27,999

Personal Computer | Live Cast | Screen Mirroring | Content sync & share |Mobile Set-up

Click here to know more

HIGHLIGHTS

Interaction-less flaws can let hackers break into iPhones by sending a text.

The flaws were showcased at the Black Hat USA 2019 conference in Las Vegas.

At the Black Hat USA 2019 conference in Las Vegas, a new iOS flaw was revealed which let hackers break into iPhones by just sending a text. Google security engineer Natalie Silvanovich showcased a presentation titled "Look, No Hands! The Remote, Interaction-less Attack Surface of the iPhone,” which discussed the potential vulnerabilities on iOS’ SMS, MMS, Visual Voicemail, iMessage and Apple Mail.

According to Silvanovich, simply receiving an iMessage could be enough to get yourself hacked. You don’t require to click on any malicious link or even open the text message. You just have to receive it, which by the way, is mostly not in your hands. She presented multiple so-called “interaction-less” bugs in Apple’s iOS iMessage client that could be misused to gain control of a user’s device. 

“These can be turned into the sort of bugs that will execute code and be able to eventually be used for weaponized things like accessing your data,” Silvanovich says. “So the worst-case scenario is that these bugs are used to harm users.”

Silvanovich, according to Wired, “got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.” Further, she looked for similar issues in SMS, voicemail, and MMS. First, she didn’t find any issues, but when she started reverse engineering and looking for flaws, she found multiple exploitable bugs.

One of these flaws can be used by a hacker to extract data from a user’s messages. All the hacker needs to do is send a specially crafted text message to a target, and the iMessage server would send back data to the sender, like the content of their SMS messages or images. Another flaw could lead to malicious code being placed on a victim's device from just an incoming text.

Meanwhile Apple has patched six of these flaws. You can find the PDF version of Silvanovich's presentation here.

logo
Prakhar Khanna

I write about tech stuff and tell (stupid) jokes

Advertisements

Trending Articles

Advertisements

latest articles

View All
Advertisements

Top Products

Popular Mobile Phones

View All

Hot Deals

View All

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.