MobileNews

This incredible exploit could have let hackers remotely own iPhones without even touching them

Ever watch that movie, or play that video game, about the hacker who can instantly take over someone’s device without touching it at all? Those scenes are typically unrealistic as heck. But every once in a while, a real-life hack makes them seem downright plausible — a hack like the one you can see examples of in the videos above and below.

Today, Google Project Zero security researcher Ian Beer has revealed that, until May, a variety of Apple iPhones and other iOS devices were vulnerable to an incredible exploit that could let attackers remotely reboot and take complete control of their devices from a distance — including reading emails and other messages, downloading photos, and even potentially watching and listening to you through the iPhone’s microphone and camera.

How is such a thing even possible? Why would an iPhone even listen to a remote hacking attempt? According to Beer, that’s because today’s iPhones, iPads, Macs and Watches use a protocol called Apple Wireless Direct Link (AWDL) to create mesh networks for features like AirDrop (so you can easily beam photos and files to other iOS devices) and Sidecar (to quickly turn an iPad into a secondary screen). Not only did Beer figure out a way to exploit that, he also found a way to force AWDL to turn on even if it was left off previously.

While Beer says he has “no evidence that these issues were exploited in the wild” and admits it took him six whole months to sniff out, verify and demonstrate this exploit — and while it’s been patched as of May — he suggests we shouldn’t take the existence of such a hack lightly:

The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I’m fine.

Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.

Eerie stuff.

Apple doesn’t dispute the exploit existed, and in fact cites Beer in the changelogs for several of its May 2020 security updates that are linked to the vulnerability. But the company does point out that most iOS users, by far, are already using newer versions of iOS that have been patched — and suggests that an attacker would have needed to be within Wi-Fi range for it to work.

You can read Beer’s lengthy explanation of exactly how the hack worked right here.

Update, 9:44 PM ET: Added Apple comment.

Check out the latest Apple iPhones at great prices from Gizmofashion – our recommended retail partner.


Author: Sean Hollister
Source: Theverge

Related posts
Cleantech & EV'sNews

Einride deploys first daily commercial operations of autonomous trucks in Europe

Cleantech & EV'sNews

ChargePoint collaborates with GM Energy to deploy up to 500 EV fast chargers with Omni Ports

Cleantech & EV'sNews

How Ukraine assassinated a Russian general with an electric scooter

CryptoNews

Day-1 Crypto Executive Orders? Bitcoin Bulls Brace for Trump's Big Move

Sign up for our Newsletter and
stay informed!