‘iMessage leaks sensitive information through link previews since update’


The British security company The Antisocial Engineer reports that, since an update, iMessage automatically loads the links in text messages to show a preview. According to the company, this makes it possible to retrieve sensitive information via a message, for example the IP address of the user.

Normally a user has to click on the link first, but according to the company that is no longer necessary since the update. As a result, Apple is said to deprive users of the choice of whether or not to click on a link. An attacker could use such a link to gather valuable information for a targeted phishing attack. For example, the attacker can find out the browser type of the iMessage user.

The company does note that this information is not of much value, because most iMessage users have Safari as their browser. The same applies to information about the device type, which can also be found in other ways. What concerns the company’s researchers, however, is that the IP address can be found as long as the device does not use Wi-Fi. On the basis of that address, an attacker can then trace the provider.

The IP address also makes the user vulnerable to so-called SIM swap fraud, in which malicious parties could take over a telephone number. If the device is connected to Wi-Fi, an attacker can obtain additional information based on the home IP address, such as an estimate of the user’s location and information about the user’s provider, the company says.
