MobileNews

iPhone exploit gave hackers control over WiFi without your input

Many security exploits require at least some kind of interaction on your part, but that wasn’t true for an iPhone exploit earlier this year. As Ars Technica reports, Google Project Zero researcher Ian Beer has detailed an iOS 13 exploit that let someone remotely control a device over WiFi using a “zero-click” attack — that is, with no input required from the target.

The exploit took advantage of a buffer overflow bug in a driver for the in-house mesh networking protocol used for features like AirDrop. As that driver sits in the operating system’s kernel, which has extensive privileges, a successful hack could have dealt extensive damage. An intruder could have installed an “implant” that accessed sensitive info like cryptographic keys and photos, for instance.

It wouldn’t have been trivial to stage an attack, but it wouldn’t have been difficult, either. Beer used a laptop, a Raspberry Pi 4 and a readily available Netgear WiFi adapter, and he was working from home during a pandemic lockdown. The stealthiness was the greater concern. A perpetrator could have swiped personal data while leaving you completely oblivious, at least as long as there was a reasonably close hiding place.

Notice the use of the past tense, however. Apple fixed the flaw in iOS 13.3.1, before iOS 13.5 arrived with COVID-19 contact tracing. It’s also unclear if anyone made use of the flaw in the wild, which might have been difficult with many people working from home. Still, this could easily have been a serious problem in apartments and other places where it’s difficult to stay out of WiFi distance from others.

Check out the latest Apple iPhones at great prices from Gizmofashion – our recommended retail partner.


Author: Jon Fingas, @jonfingas
11h ago

Source: Engadget

Related posts
AI & RoboticsNews

H2O.ai improves AI agent accuracy with predictive models

AI & RoboticsNews

Microsoft’s AI agents: 4 insights that could reshape the enterprise landscape

AI & RoboticsNews

Nvidia accelerates Google quantum AI design with quantum physics simulation

DefenseNews

Marine Corps F-35C notches first overseas combat strike

Sign up for our Newsletter and
stay informed!