Categories: NewsTech

This scary exploit gave hackers total remote control of iPhones via Apple’s AWDL protocol

When you think about hackers, you think off sketchy, hooded characters sitting in a far off land, illegally diving into your hard drives and devices, accessing your files, photos, even your webcam—and victims are none the wiser. That’s obviously a dramatisation of the actual process of hacking a device, but a newly-discovered exploit comes pretty close in terms of the gravity of the consequences.

Google Project Zero security researcher Ian Beer has just published a 30,000 word blog post that details a zero-click iOS vulnerability that allowed attackers remote access to victims’ iPhones—allowing hackers total control over their devices, including email, messages, and photos access. The exploit also had the potential to give access to the iPhone’s microphone and camera to malicious parties.

“A wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.”

Beer did note that he has not found any evidence that the vulnerability was “exploited in the wild”, although this doesn’t necessarily mean that it has never happened before. However, the researcher submitted his findings to Apple prior to this, which means that the vulnerability has been patched since sometime before iOS 13.5. In fact, Apple even credited Beer in change logs prior to that, so the Cupertino-based company isn’t denying the existence of the vulnerability.

How it works

Despite the fact that the vulnerability has been patched in newer versions—and most users regularly stay updated, Apple claims—Beer warns that its mere existence should serve as a warning to security specialists and users alike:

“One person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.”

The researcher also explained how the exploit works. Basically, the issue stems from Appel’s AWDL protocol—which is used by devices to perform peer-to-peer networks. For example, familiar features like AirDrop and Sidecar work by using ADWL. Back in 2018, one of Apple’s beta builds for iOS was released with function name symbols (that normally aren’t made available), and Beer dug into how AWDL’s lack of built-in encryption could be exploited.

Six months (and a couple of thousand words later), Beer shared his findings. He managed to successfully take control of an iPhone 11 Pro in the room next door—and his equipment was made up of a Raspberri Pi and some off-the-shelf WiFi adapters, along with a MacBook Air. Here’s how it looks:

In any case, you should always keep your devices up to date with OS updates. Putting aside new features and UI tweaks, updates often contain important security patches—such as the zero-click exploit we’re discussing in this article. If you’re keen to read a (very) detailed breakdown of the process, click here for Beer’s blog post.

[ SOURCE , VIA , IMAGE SOURCE ]

Recent Posts

Vivo X200 series launching in Malaysia on 19th November 2024, pre-orders now open

Vivo has announced that it will be launching the Vivo X200 series in Malaysia on…

1 day ago

Samsung Galaxy A16 5G launched in Malaysia with 6 years of software updates

Samsung has just launched its latest budget-oriented smartphone, the Galaxy A16 5G here in Malaysia.…

2 days ago

Hold on a minute! Is Yes 5G giving you cashback to lower the cost of your iPhone 16?

This post is brought to you by Yes 5G. If you’ve been eyeing the latest…

2 days ago

RedMagic 10 Pro: Snapdragon 8 Elite powered gaming smartphone with huge 7,050mAh battery

Not too long after launching the RedMagic 9S Pro in Malaysia, the gaming brand under…

2 days ago

Oppo Find X8 and X8 Pro are the first global smartphones powered by MediaTek Dimensity 9400

The Oppo Find X8 series will be launching globally on 21st November 2024 and Malaysia…

2 days ago

Kia to introduce EVs priced below RM160K for emerging markets

During the recent 2014 Kia EV Day APAC, the Korean carmaker unveiled four new electric…

3 days ago

This website uses cookies.