Apple iMessages could be leaking your information


If you’ve sent or received any links through iMessage recently you’ve probably noticed that they’re presented in a more appealing manner than before, providing a clickable link, an image and text extracted from the URL.

That’s something other services like Facebook and Slack also do, but according to developer Ross McKillop, iMessage handles this in a rather different, and far less secure, way.

When using Facebook, for example, the website you’re linking to will see a request from Facebook, but when using iMessage the website will get the request directly from your device, revealing your IP address, device type and operating system.
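The server-side pattern described above can be sketched as follows. This is an added example, not code from the article, Apple, Facebook or Slack; `build_preview`, `render_on_device`, the injected `fetch` callable and the sample HTML are hypothetical names and constructed data.

```python
from html.parser import HTMLParser

# Constructed sample page standing in for the linked site's HTML.
SAMPLE_HTML = """<html><head><title>Fallback title</title>
<meta property="og:title" content="Example story">
<meta property="og:description" content="Short summary.">
<meta property="og:image" content="https://example.com/a.png">
</head><body>...</body></html>"""

class MetaParser(HTMLParser):
    """Collects Open Graph properties and the <title> text."""
    def __init__(self):
        super().__init__()
        self.og = {}
        self.title = ""
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("property") or "").startswith("og:"):
            self.og[a["property"][3:]] = a.get("content") or ""
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def build_preview(url, fetch):
    """Runs on the relay: fetch(url) is the only request the site ever sees."""
    parser = MetaParser()
    parser.feed(fetch(url))
    return {
        "url": url,
        "title": parser.og.get("title") or parser.title.strip(),
        "description": parser.og.get("description", ""),
        # The relay must also cache or proxy this image; a device that loads
        # it straight from the site exposes its IP address all over again.
        "image": parser.og.get("image", ""),
    }

def render_on_device(card):
    """Recipient side: renders from the card only, never contacting card['url']."""
    return f"{card['title']} - {card['description']} ({card['url']})"
```

With this split, the linked site's access log records one request from the relay, however many recipient devices display the card.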


That might not sound so bad, but, as McKillop points out, the request will be sent from every device that you have running iMessage, allowing the website to get an idea of your location. For example, if your iPhone and Mac respond from different IP addresses you’re probably out.

Even more troubling, McKillop believes that with URLs being fetched this way, exploits found in Safari could potentially be triggered simply by sending someone an iMessage with the affected URL, with no requirement for the recipient to actually click the link.

There’s also no way to disable this, so if McKillop is right it’s down to Apple to fix it, hopefully before someone finds a way to fully exploit the issue.

We have contacted Apple to ask if it’s aware of this potential vulnerability, and whether a fix is in the pipeline. We’ll update this article once we get a response.



Source: TechRadar
posted by ConnectMe
