The New iMessage Preview Feature

The feature opens the possibility of drive-by attacks without user intervention. The new iMessage preview feature, which gives users a quick look at web links, reveals network and device information to servers, data that can be used for surveillance and attacks.

iMessage preview also returns web browser user agent information that includes the version of Safari running on these devices. The information is sent from every device a user owns, and can be used to determine where users are by comparing the IP addresses presented by iMessage preview and correlating them with time stamps. McKillop said iMessage preview could be a possible attack vector, as it can identify vulnerable versions of the web browser on a device. Because previews are loaded automatically, a vulnerability in Safari could be triggered simply by sending an iMessage with a URL pointing to a malicious website, McKillop theorised.

iMessage previews cannot be switched off, and there is no option to make requests go through a proxy server that would conceal the device information. “Hopefully Apple will either change this or make it an option to request via a proxy (enabled by default),” McKillop said.

“[Nevertheless] occasionally the best alternative is the most clear; extract the metadata on the sending apparatus (they obviously trust the URL) and encapsulate that as metadata within the message.” It is unclear whether McKillop reported the problem to Apple before revealing it publicly.
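
The sender-side design McKillop describes can be sketched as follows. This is an added example, not Apple's implementation and not code from the original article: the sending device extracts preview metadata from a page it has already fetched and embeds it in the message, so the receiving device renders the preview without contacting the server. The envelope field names, function names and the sample HTML are assumptions constructed for illustration.

```python
import json
from html.parser import HTMLParser

# Constructed sample page, standing in for HTML the sender already fetched.
SAMPLE_HTML = """<html><head>
<title>Fallback title</title>
<meta property="og:title" content="Example Article">
<meta property="og:description" content="A short summary.">
<meta property="og:image" content="https://example.com/a.png">
</head><body>...</body></html>"""

MAX_FIELD = 200  # cap lengths so a hostile page cannot bloat the message

class PreviewExtractor(HTMLParser):
    """Collects <title> and Open Graph title/description text only."""
    def __init__(self):
        super().__init__()
        self.meta = {}
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("property") in ("og:title", "og:description"):
            # og:title replaces a <title> fallback collected earlier
            self.meta[a["property"][3:]] = (a.get("content") or "")[:MAX_FIELD]

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.meta.setdefault("title", data.strip()[:MAX_FIELD])

def build_message(url, html):
    """Sender side: package the URL with text-only preview metadata."""
    p = PreviewExtractor()
    p.feed(html)
    # og:image is dropped: a remote image URL would make the receiver fetch again.
    return json.dumps({"url": url, "preview": p.meta})

def render_preview(message):
    """Receiver side: build the preview from the message alone, no network I/O."""
    m = json.loads(message)
    pv = m.get("preview", {})
    title = str(pv.get("title", m["url"]))[:MAX_FIELD]
    desc = str(pv.get("description", ""))[:MAX_FIELD]
    return f"{title}\n{desc}\n{m['url']}"
```

The receiver has no way to verify sender-supplied metadata, so the preview text should be displayed as untrusted content alongside the real URL.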