Trust Wallet, a leading cryptocurrency wallet provider, has issued a warning urging Apple users to disable iMessage due to a potential zero-day exploit that could compromise their devices. The firm claims to have received “credible intel” regarding a high-risk zero-day exploit targeting iMessage, which is allegedly being sold on the dark web for a staggering $2 million.
TLDR
- Trust Wallet, a prominent crypto wallet provider, has warned Apple users to disable iMessage due to a potential zero-day exploit targeting the messaging app.
- The exploit allegedly allows hackers to take control of iPhones without user interaction and is being sold on the dark web for $2 million.
- Trust Wallet claims high-value account holders are most at risk, and all crypto wallets on iPhones with iMessage enabled are vulnerable.
- The validity of the exploit’s threat has been questioned by industry experts, who argue that the evidence provided is insufficient and could cause unnecessary panic.
- The incident highlights ongoing security concerns with Apple’s iMessage, which has been targeted by hackers in the past, and the broader vulnerability of blockchain networks to zero-day exploits.
According to Trust Wallet, the exploit is capable of infiltrating and taking control of iPhones without requiring users to click on any links or take any specific action. This type of vulnerability, known as a zero-day exploit, takes advantage of previously unknown software or hardware vulnerabilities before the vendor has had a chance to address them, making them particularly dangerous and difficult to detect.
The threat posed by this alleged exploit is further underscored by Trust Wallet’s CEO, Eowyn Chen, who shared a screenshot purportedly showing the exploit being offered on the dark web for $2 million. The high price tag suggests that the exploit is perceived to be valuable and potentially poses a significant threat.
Threat intel detected an iOS iMessage zero-day exploit for sale in the Dark Web. It is a zero click exploit to take over control of the phone via iMessages. Its asking price is $2M. This would make sense for very high value individual targets, as more the zero-day is used,… https://t.co/KTKgW6uCuv pic.twitter.com/6ULRgVSxjc
— Eowync.eth (@EowynChen) April 15, 2024
Trust Wallet has emphasized that users with high-value accounts are at the greatest risk, as their assets could be targeted by malicious actors exploiting the vulnerability. Additionally, the firm has stated that all cryptocurrency wallets held on iPhones with iMessage enabled are vulnerable to the exploit.
However, the validity of the alleged zero-day exploit has been met with skepticism from several industry experts. A pseudonymous blockchain researcher, known as Beau, has criticized the evidence provided by Trust Wallet, stating that a screenshot of someone claiming to have an exploit does not constitute credible proof of an actual vulnerability.
Beau also expressed concerns that Trust Wallet’s alert could potentially cause unnecessary panic and harm among users, especially if the threat is not as severe as claimed. This sentiment was echoed by other industry analysts, who questioned the firm’s decision to issue such a broad warning without providing more substantial evidence.
Despite the skepticism, Trust Wallet has defended its decision, stating that the intelligence was sourced from its security team and partners who constantly monitor for potential threats. The firm’s alert on the social media platform X has garnered significant attention, with over 1.2 million users viewing it within the first four hours of its posting.
1/2: ⚠️ Alert for iOS users: We have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web.
This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk. #CyberSecurity
— Trust Wallet (@TrustWallet) April 15, 2024
This incident comes on the heels of Apple releasing emergency security updates last month to address two iOS zero-day vulnerabilities that were actively being exploited in attacks on iPhones. Additionally, security researchers at Kaspersky have previously documented instances where Apple’s iMessage application has been used as an attack vector by hackers.
The broader blockchain ecosystem is also facing similar security challenges, with cybersecurity firm Halborn recently claiming that more than 280 blockchain networks could be vulnerable to zero-day exploits, potentially jeopardizing over $25 billion worth of cryptocurrency assets.
As cybercriminals become increasingly sophisticated, it is crucial for users, developers, and security experts to remain vigilant and proactive in addressing potential vulnerabilities.
