When you think about the various ways that hackers could use to “enter” our smartphone and spy on us, a long series of possible solutions may come to mind. Some people worry about links sent via e-mail or on messaging platforms; who to phishing and social engineering campaigns that push us to download malicious apps containing Trojans or spyware; or, again, to complex hacking campaigns set up by government agencies for global control.
And to say, instead, that everything is much simpler. In some cases, for example, it is not even necessary for the mobile phone holder to do anything. Natalie Silvanovich, a researcher at Google Project Zero, a group of computer security researchers sponsored by the Mountain View giant, discovered this. During the Black Hat event, a conference dedicated to the issues of information security being held in Las Vegas, the researcher showed some vulnerabilities in iMessage that would allow hackers to spy on all activities carried out with the phone without the owner has to do nothing. In most cases, in fact, it is sufficient to send a message to “activate the bug” and spy on the iPhone.
How the “interaction-less” bugs on iMessage work
During his lecture, Silvanovich admitted that his study on bugs “interaction-less” (an English neologism that can be translated “without interaction”) from the attack on WhatsApp with the Pegasus malware. By studying the source code of various messaging services, the Google researcher discovered that Apple’s Messages has several such vulnerabilities.
The most dangerous, explains Silvanovich, are those that allow you to retrieve information on iPhone owners without them being able to notice anything or they can somehow defend themselves. For example, by sending a simple message containing a string of code, it is possible to receive data and information regarding the SMS sent and received by a specific telephone. Fortunately, Apple has released patches that solve most of the vulnerabilities identified by the Google Project Zero research group, but some (as yet unknown) are still “open”.
How to defend yourself from “interaction-less” attacks on iMessage
We have already mentioned that the types of attacks discovered by the Big G researcher do not allow users to defend themselves in any way. This, however, is only partially true. One way to defend yourself is by downloading and installing all the updates for the operating system and apps that are released almost every day. This will install versions of the app without the bugs discovered in the days and weeks ahead.