After another zero-click attack, information security experts began to say that it was time to take extreme measures regarding the security of iMessage users.
Shocking news: the Bahraini government acquired sophisticated malware on the black market and used it against human rights defenders. These spy tools did not require the victim to do anything, neither click on links nor grant permissions, and made it possible to completely take over the victims’ iPhones in a matter of seconds. However, as disturbing as the weekly report from the University of Toronto Citizen Lab was, this situation no longer seems strange.
A zero-click attack is a remote attack on a device that does not require any additional action from the user. It is enough for an attacker to send a malicious SMS or simply wait until the device is within range of the desired wireless communication channel.
Such attacks can be carried out on any platform, but there is now a huge number of high-profile reports of attackers exploiting weaknesses in Apple’s iMessage service. Information security researchers say the company’s efforts to address the issue have not been successful. Moreover, they are confident that there are other steps the company could take to protect the most at-risk users.
Zero-interaction attacks against new versions of iOS are still uncommon and are used exclusively against a small number of high-profile targets around the world. In other words, the average iPhone owner hardly needs to worry about this. However, the incident in Bahrain confirms that Apple’s efforts to reduce the risks in iMessage for the most vulnerable users have not been successful. The only question left is how far the company is willing to go to make its messaging platform more secure.
“It’s frustrating to realize that iOS still has this uninstallable app that accepts private messages and data from anyone,” says veteran macOS and iOS security researcher Patrick Wardle. “If someone has a zero-click iMessage exploit, they can use it from anywhere in the world and access your iPhone instantly.”
Apple has indeed taken serious steps to comprehensively address iMessage zero-click attacks in iOS 14. The most notable of the new features, BlastDoor, is a kind of “quarantine zone” for incoming messages. It is designed to weed out potentially malicious data before it enters the iOS environment. However, a certain number of exploits can still enter the system. A research report from the University of Toronto Citizen Lab published in July by Amnesty International confirms that a zero-click attack can bypass BlastDoor’s security.
Apple has not yet released an update to fix this vulnerability and add protection against a dangerous attack. The attack itself was dubbed “Megalodon” by Amnesty International and “ForcedEntry” by Citizen Lab. An Apple spokesperson says that the company intends to strengthen the security of the iMessage app and that new security features will appear in iOS 15. However, it is not yet possible to say with accuracy what new vulnerabilities will appear after the introduction of new options. Thus, there is currently no one hundred percent protection against the BlastDoor hack, the possibility of which has already been noted by Amnesty International and the University of Toronto Citizen Lab.
“Attacks like this one are very sophisticated; their development costs millions of dollars. They often have a short lifespan and are used to hack specific people’s phones,” Ivan Krstić, head of information security and architecture at Apple, said in a statement. “While this means that they do not pose a threat to the vast majority of users, we continue to work tirelessly to ensure that our customers’ devices are securely protected.”
According to security researchers, iMessage’s many features and functions make it difficult to reliably protect the iPhone. The attack surface is huge. There’s a lot of code and tweaks under the hood to keep all those green and blue bubbles (plus photos, videos, links, notes, app integrations, and more) running smoothly. Each feature and each interconnection with another element of iOS creates a new opportunity for attackers to find “holes” in the security that can be successfully exploited during an attack. With the advent of iMessage zero-click exploits, it has become increasingly clear that fixing the service’s vulnerabilities will require a complete overhaul of the tool, which is unlikely in principle.
However, even without a complete overhaul of the program, Apple still has room to fight iMessage hacks. Information security researchers suggest that the company may add special options to help particularly at-risk users block the app on their devices. This may include the ability to completely block insecure content such as images and links, as well as getting consent from the phone owner to read messages from people who are not yet in the contacts.
Needless to say, these features wouldn’t make much of a difference to most people. Many people want to receive constant text notifications that drugs are in stock, even if their contacts do not have a pharmacy number. Moreover, a person may want to see photos and links to articles from an acquaintance with whom they just exchanged numbers in a bar. However, these extreme security measures will go a long way in protecting users who are valuable targets for attackers.
In fact, researchers at the University of Toronto Citizen Lab and others in the security industry are convinced that Apple should provide the ability to turn off iMessage entirely. The company has always been reluctant to allow users to uninstall its own apps, and in many ways iMessage is one of the company’s most important tools. However, iOS already gives users the ability to uninstall apps like FaceTime and disable other essential services like Safari (this can be done in Settings by going to the following path: “Screen Time” > “Content & Privacy Restrictions” > “Allowed Apps”).
Citizen Lab itself understands that no solution can be 100% effective in all cases. Zero-click attacks exist in other communication apps such as WhatsApp, so patching the iMessage vulnerability won’t completely fix the problem. What’s more, pushing users back to text messaging (SMS) rather than using Apple’s end-to-end encryption would lower security overall.
However, an option like “Protected Mode” in iMessage could be a great solution on Apple’s part. This will help the company make an important gesture towards those who rely on iOS even when the stakes are extremely high.
“If Apple gave you the ability to completely disable iMessage, that would be great,” says Wardle. “Defensiveness like BlastDoor is also there, but it’s more like trying to fortify a sandcastle.”
It all comes down to how far Apple is willing to go in addressing iMessage’s “zero-click” exploits and how exactly it will go about it.
“This is a tricky question—I wouldn’t call all the successful iMessage attacks an oversight on Apple’s part,” says Will Strafach, veteran iOS researcher and creator of the Guardian Firewall app. “The iPhone is a popular device among users, and not a specialized device with a high degree of protection. However, I hope that research like this will inspire Apple to take action and provide their information security teams with the resources they need to strengthen general attack vectors, in particular in iMessage.”
The release of iOS 15 should reveal more about Apple’s device security solutions. However, the company’s countless previous attempts, combined with the lack of a short-term solution to the iMessage attacks, point to both the complexity of the problem and the greater need to fix it.
According to Wired.