Trust Wallet says iMessage exploit might drain your crypto wallets

Cryptocurrency wallet provider Trust Wallet recently issued a warning urging Apple users to disable iMessage.

This comes after they received “credible intel” regarding a high-risk security issue affecting iMessage on iPhones.

The reported issue is a zero-day exploit, a fancy term for a software vulnerability that attackers can leverage without the knowledge of the software developer. This means there’s currently no patch available to fix the issue, making iPhones with iMessage enabled potentially susceptible.

Trust Wallet warns about the iMessage exploit

Trust Wallet highlights that this zero-day exploit could potentially allow hackers to gain control of iPhones. With crypto wallets often storing users’ valuable digital assets, a compromised phone could lead to stolen cryptocurrency.

The warning specifically mentions high-value account holders being at greater risk. This makes sense, as hackers are more likely to target individuals with significant crypto holdings.

How does the iMessage zero click exploit work?

Due to security concerns, the exact workings of the iMessage zero-click exploit remain undisclosed. This prevents attackers from learning the specifics and exploiting it more easily. However, we can discuss general concepts behind zero-day exploits.

Imagine a program like iMessage as a complex machine with many parts. A zero-day exploit is like finding a tiny hidden switch on this machine. Flipping this switch can cause unexpected behavior, potentially giving unauthorized access.

Here’s a simplified breakdown of how a hypothetical zero-day exploit might work:

• The flaw: There’s a hidden weakness in the program’s code, like a faulty switch (the exploit). This weakness is unknown to the program’s creators (Apple).
• Crafting the attack: Hackers create a specific message or data file that triggers the hidden switch (the exploit). This message might look perfectly normal on the surface.
• Triggering the exploit: When the iPhone receives the malicious message, it processes the data and unknowingly flips the hidden switch (the exploit) in its code.
• Gaining access: Depending on the exploit’s nature, this might grant hackers some level of control over the iPhone, potentially allowing them to steal information or even install malware.

The danger lies in the message being “zero-click”. This means the vulnerability allows the exploit to work without any user interaction. Unlike phishing scams where users click malicious links, a zero-click exploit can potentially infect a device just by receiving a message.

Trust Wallet has warned users about the iMessage exploit on X with the following words:

Due to this post getting a lot of views & comments, we thought we'd elaborate further for the community:

How did we come by this intel?
Trust Wallet is constantly monitoring multiple avenues for any and all security threats to our users, alongside security partners &… https://t.co/Z7vFtMENIp

— Trust Wallet (@TrustWallet) April 15, 2024

Is disabling iMessage the only option?

While Trust Wallet recommends disabling iMessage as a precautionary measure, it’s important to understand that the exact details of the exploit remain unclear. This makes it difficult to assess the true risk and the effectiveness of disabling iMessage entirely.

Security experts have expressed some skepticism towards the warning. Some argue that the evidence presented by Trust Wallet, such as a screenshot of a supposed exploit for sale on the dark web, might not be entirely reliable.

How to disable iMessage

Disabling iMessage can be a good temporary measure if you’re concerned about the recent security reports. Here’s how to do it:

1. Grab your iPhone and head to the Settings app.
2. Scroll down until you find the “Messages” section and tap on it.
3. Inside the Messages menu, you’ll see a toggle switch for “iMessage.” Simply slide the switch to the left to turn iMessage off.