5 On Your Side

How worried should you be about viral iPhone security warning?

Trust Wallet, a cryptocurrency wallet company, has raised concerns about a potential scam involving an exploit for sale on the dark web.
Posted 2024-04-17T20:46:06+00:00 - Updated 2024-04-18T15:00:17+00:00
Cybersecurity expert discusses warning about iPhone vulnerability
By 
Keely Arthur
 , WRAL consumer reporter

iPhone users may have seen an ominous warning online this week - disable iMessages or risk having your iPhone hacked.

But there are questions about whether the company that put out this warning was actually the one who got scammed.

Trust Wallet, a cryptocurrency wallet company with 80 million users, says they discovered something called an "exploit" for sale on the dark web.

Trust Wallet's CEO posted a picture on X of the exploit that claims to be able to take control of an iPhone via iMessage without the phone's owner having to click on or download malware.

In a separate post on X, Trust Wallet recommended disabling iMessages as soon as possible until Apple patches the vulnerability.

The post had 3.9 million views and stories started circulating about it online.

However, some commenters and experts questioned whether the posting on the dark web was legitimate, or possibly a scam.

The price tag on the exploit was $2 million.

"If one person falls for it [the scammers] get $2 million based on what they're selling it for," explained cybersecurity expert Clark Walton when asked about the motivation for a dark web post like that. "It's money, they're trying to get money. They may actually send whoever buys it, if it is a scam, they may send whoever buys it some piece of software that does other bad things to computers."

Online publication TechCrunch said the viral tweet from Trust Wallet sounded like a false alarm and cited several reasons the dark web listing was very likely a scam that Trust Wallet fell for.

Walton said it's very possible that is the case.

"They clearly didn't pay the $2 million to download the exploit and test it themselves. They really have no way of know if that's true or not," Walton said. "It's not impossible but, there are very few things like that out there."

WRAL 5 On Your Side reached out to Trust Wallet asking for any additional information or evidence that the exploit was real. They sent us this statement:

"We did a follow-up message [on X], regarding the statement and our sources," Trust Wallet said.

Notably, we're not the only ones who have discovered this information; several other non-Trust Wallet security experts are involved as well. We think it's crucial to share this rather than remain silent. We strongly advise our users to deactivate iMessage until further details regarding this issue are available."

WRAL 5 On Your Side did reach out to Apple and the Cybersecurity and Infrastructure Security Agency to see if this was a threat you needed to take action on but, neither responded.

We asked Walton how concerned people should be about this warning.

"Most people should not be worried," he said.

A couple things Walton mentioned to protect yourself online:

  • If you're not using an app or account - get rid of it.
  • Keep the apps, devices and computers you are using, up to date.

related

Videos

WRAL Late News
watch ·

WRAL Late News

WRAL WeatherCenter Forecast
watch ·

WRAL WeatherCenter Forecast

Live video of police removing pro-Palestinian protestors at UNC-Chapel Hill
watch ·

Live video of police removing pro-Palestinian protestors at UNC-Chapel Hill

Evening Pick 3 Pick 4 and Cash 5
watch ·

Evening Pick 3 Pick 4 and Cash 5

Powerball Drawing
watch ·

Powerball Drawing

Credits