During the annual Black Hat computer security conference, Google Project Zero researcher Natalie Silvanovich talked about the possibility of hacking the iPhone through the built-in iMessage messenger. The service's extensive functionality is its main security problem: the more features an application has, the higher the risk that it will be hacked.
Apple has already fixed at least six iMessage vulnerabilities in recent months, but many "holes" in the security of the service remain open. iMessage is a complex platform that includes integration with a number of applications, the ability to add video, photos and audio, Animoji support and a number of additional features. Each extension and each integration with third-party software gives hackers a better chance of finding a vulnerability.
While studying how the service works, Natalie Silvanovich found a way to get user data by sending just one message. Specially crafted text is sent to the recipient, the iMessage server interprets it as a system command, and the requested data is then sent back to the attacking side. The recipient does not even need to open the application.
Several other vulnerabilities in the service allow malicious code to be introduced into the system, again by sending just one special message through iMessage.
Apple's decision to increase cash rewards for vulnerabilities found in its software is logical. Any such "security hole" is worth a lot of money on the exploit market. It is in the corporation's interests to learn about a discovered problem firsthand, so that it can minimize the consequences and quickly close the vulnerability.
Silvanovich stressed that she had looked for such exploits in Android, but could not find them. Previously, she was able to find flaws in WhatsApp, FaceTime and the WebRTC video conferencing protocol. Apple has successfully fixed all the errors pointed out by the hacker. The best protection, according to the programmer, is to keep installing the latest updates on smartphones and laptops.