• 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Menu
  • 中文版
  • BM
  • News
  • Deals
  • Reviews
    • First Impressions
    • Hands-on
    • Comparisons
  • Tech
    • Mobile
    • Computers
    • Cameras
    • Wearables
    • Audio
    • Drones
  • Telco
    • Celcom
    • Digi
    • Maxis
    • Time
    • U Mobile
    • Unifi
    • Yes
  • Video
  • Cars
  • Contribute
Search
Close
Home News

This scary exploit gave hackers total remote control of iPhones via Apple’s AWDL protocol

  • BY Nic Ker
  • 3 December 2020
  • 2:43 pm
  • Comment
Share on FacebookShare on Twitter

When you think about hackers, you think off sketchy, hooded characters sitting in a far off land, illegally diving into your hard drives and devices, accessing your files, photos, even your webcam—and victims are none the wiser. That’s obviously a dramatisation of the actual process of hacking a device, but a newly-discovered exploit comes pretty close in terms of the gravity of the consequences.

Google Project Zero security researcher Ian Beer has just published a 30,000 word blog post that details a zero-click iOS vulnerability that allowed attackers remote access to victims’ iPhones—allowing hackers total control over their devices, including email, messages, and photos access. The exploit also had the potential to give access to the iPhone’s microphone and camera to malicious parties.



“A wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.”

Beer did note that he has not found any evidence that the vulnerability was “exploited in the wild”, although this doesn’t necessarily mean that it has never happened before. However, the researcher submitted his findings to Apple prior to this, which means that the vulnerability has been patched since sometime before iOS 13.5. In fact, Apple even credited Beer in change logs prior to that, so the Cupertino-based company isn’t denying the existence of the vulnerability.

How it works

Despite the fact that the vulnerability has been patched in newer versions—and most users regularly stay updated, Apple claims—Beer warns that its mere existence should serve as a warning to security specialists and users alike:



“One person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.”

The researcher also explained how the exploit works. Basically, the issue stems from Appel’s AWDL protocol—which is used by devices to perform peer-to-peer networks. For example, familiar features like AirDrop and Sidecar work by using ADWL. Back in 2018, one of Apple’s beta builds for iOS was released with function name symbols (that normally aren’t made available), and Beer dug into how AWDL’s lack of built-in encryption could be exploited.

Six months (and a couple of thousand words later), Beer shared his findings. He managed to successfully take control of an iPhone 11 Pro in the room next door—and his equipment was made up of a Raspberri Pi and some off-the-shelf WiFi adapters, along with a MacBook Air. Here’s how it looks:

In any case, you should always keep your devices up to date with OS updates. Putting aside new features and UI tweaks, updates often contain important security patches—such as the zero-click exploit we’re discussing in this article. If you’re keen to read a (very) detailed breakdown of the process, click here for Beer’s blog post.

[ SOURCE , VIA , IMAGE SOURCE ]

Tags: AppleiPhoneiPhone 12Mobile
Nic Ker

Nic Ker

POPULAR

PSA: How to avoid expensive penalty toll charges when using RFID?

May 14, 2022

Elon Musk’s Starlink satellite service to cover Malaysia in 2023 but should you place a USD 99 deposit today?

May 15, 2022

Here are the best prepaid plans in Malaysia – May 2022 Edition

May 10, 2022

Malaysian passport renewals must now be done online. Here’s how you can get it done

May 17, 2022

This scary exploit gave hackers total remote control of iPhones via Apple’s AWDL protocol

December 3, 2020

PLUS highway uses Nvidia GPUs and software for number plate recognition

May 11, 2022

Copyright © 2022 · SoyaCincau.com
Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER

Copyright © 2022 · SoyaCincau.com – Mind Blow Sdn Bhd (1076827-P)

  • ADVERTISE
  • DISCLAIMER