Ever watch that movie, or play that video game, about the hacker who can instantly take over someone’s device without touching it at all? Those scenes are typically unrealistic as heck. But every once in a while, a real-life hack makes them seem downright plausible — a hack like the one you can see examples of in the videos above and below.
Today, Google Project Zero security researcher Ian Beer has revealed that, until May, a variety of Apple iPhones and other iOS devices were vulnerable to an incredible exploit that could let attackers remotely reboot and take complete control of their devices from a distance — including reading emails and other messages, downloading photos, and even potentially watching and listening to you through the iPhone’s microphone and camera.
How is such a thing even possible? Why would an iPhone even listen to a remote hacking attempt? According to Beer, that’s because today’s iPhones, iPads, Macs and Watches use a protocol called Apple Wireless Direct Link (AWDL) to create mesh networks for features like AirDrop (so you can easily beam photos and files to other iOS devices) and Sidecar (to quickly turn an iPad into a secondary screen). Not only did Beer figure out a way to exploit that, he also found a way to force AWDL to turn on even if it was left off previously.
While Beer says he has “no evidence that these issues were exploited in the wild” and admits it took him six whole months to sniff out, verify and demonstrate this exploit — and while it’s been patched as of May — he suggests we shouldn’t take the existence of such a hack lightly:
The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I’m fine.
Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.
Eerie stuff.
Apple doesn’t dispute the exploit existed, and in fact cites Beer in the changelogs for several of its May 2020 security updates that are linked to the vulnerability. But the company does point out that most iOS users, by far, are already using newer versions of iOS that have been patched — and suggests that an attacker would have needed to be within Wi-Fi range for it to work.
You can read Beer’s lengthy explanation of exactly how the hack worked right here.
Update, 9:44 PM ET: Added Apple comment.
Author: Sean Hollister
Source: Theverge