When you think about hackers, you think off sketchy, hooded characters sitting in a far off land, illegally diving into your hard drives and devices, accessing your files, photos, even your webcam—and victims are none the wiser. That’s obviously a dramatisation of the actual process of hacking a device, but a newly-discovered exploit comes pretty close in terms of the gravity of the consequences.
Google Project Zero security researcher Ian Beer has just published a 30,000 word blog post that details a zero-click iOS vulnerability that allowed attackers remote access to victims’ iPhones—allowing hackers total control over their devices, including email, messages, and photos access. The exploit also had the potential to give access to the iPhone’s microphone and camera to malicious parties.
“A wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.”
Beer did note that he has not found any evidence that the vulnerability was “exploited in the wild”, although this doesn’t necessarily mean that it has never happened before. However, the researcher submitted his findings to Apple prior to this, which means that the vulnerability has been patched since sometime before iOS 13.5. In fact, Apple even credited Beer in change logs prior to that, so the Cupertino-based company isn’t denying the existence of the vulnerability.
How it works
Despite the fact that the vulnerability has been patched in newer versions—and most users regularly stay updated, Apple claims—Beer warns that its mere existence should serve as a warning to security specialists and users alike:
“One person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.”
The researcher also explained how the exploit works. Basically, the issue stems from Appel’s AWDL protocol—which is used by devices to perform peer-to-peer networks. For example, familiar features like AirDrop and Sidecar work by using ADWL. Back in 2018, one of Apple’s beta builds for iOS was released with function name symbols (that normally aren’t made available), and Beer dug into how AWDL’s lack of built-in encryption could be exploited.
Six months (and a couple of thousand words later), Beer shared his findings. He managed to successfully take control of an iPhone 11 Pro in the room next door—and his equipment was made up of a Raspberri Pi and some off-the-shelf WiFi adapters, along with a MacBook Air. Here’s how it looks:
In any case, you should always keep your devices up to date with OS updates. Putting aside new features and UI tweaks, updates often contain important security patches—such as the zero-click exploit we’re discussing in this article. If you’re keen to read a (very) detailed breakdown of the process, click here for Beer’s blog post.