iMessage on iPhone
A $2 million iMessage exploit listed on the dark web probably doesn’t do what the sellers say that it does, but it’s still a reminder that iPhones aren’t hack-proof.
According to a post on X made on April 15, Trust Wallet has found credible evidence related to a high-risk, zero-day exploit targeting iMessage users. Allegedly, the exploit can access an iPhone without requiring the user to click any links.
1/2: Alert for iOS users: We have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web.
This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk. #CyberSecurity
— Trust Wallet (@TrustWallet) April 15, 2024
As a precaution, Trust Wallet suggests that iPhone users — especially high value individuals — turn off iMessage until Apple patches the problem.
It’s important to note, as Tech Crunch highlights, that there is currently no definitive proof of the exploit’s existence. The “proof” is derived from a dark web advertisement for something called “iMessage Exploit.”
The advertisement says that the product is an RCE — a remote code execution — that requires no interaction from the target. It allegedly works on the latest version of iOS.
CodeBreach Lab, the seller of the supposed exploit, is asking for $2 million in Bitcoin. As of right now, no one has purchased the exploit.
While this threat is likely exaggerated, if not an outright scam, it is still important to understand why these exploits are worth taking seriously.
It is a commonly held belief that iPhones cannot get infected with malware, but this is not entirely true. While it is rare for iPhones to be infected with malware, attackers can still take advantage of zero-day vulnerabilities and zero-click exploits to infect a user’s device. However, these types of attacks are typically expensive and difficult to execute due to the high level of sophistication required.
