Imagine being able to hack every iPhone around you in minutes, if not seconds. Well, that’s what a Google security researcher pulled off after discovering a scary vulnerability in Apple’s iOS.
On Tuesday, Ian Beer went public with the flaw, which thankfully was patched in May. “Using just a single vulnerability I was able to hack any iOS device near me and gain access to the photos, emails, private messages and more, all without the user ever knowing,” he wrote in a tweet.
Beer uploaded a video demonstrating the attack, which he describes as being like a magical spell. Using a laptop attached to two Wi-Fi adapters and a Raspberry Pi, he sends malicious code to a pack of nearby iPhones, forcing them to all reboot.
The cause of flaw? Blame Apple’s Wireless Direct Link feature (AWDL), which Beer says is enabled by default. The technology functions as a mesh networking protocol that Apple’s devices can use to communicate with each other over Wi-Fi.
However, the same protocol contained a buffer overflow programming error, enabling Beer to gain read and write privileges in an iPhone’s memory. In a 30,000-word blog post, he dives into how he spent six months studying the flaw and designing a way to attack it. In the end, he found a way to trigger the AWDL function on nearby iPhones using Bluetooth, allowing him to then exploit the vulnerability via Wi-Fi.
What makes the attack even more unsettling is how it can bypass every security protection Apple built into iOS. “With some proper engineering and better hardware, once AWDL is enabled the entire exploit could run in a handful of seconds,” he added.
The good news is that Beer has uncovered no evidence that hackers ever exploited the vulnerability in the real world. Still, the Google security researcher is warning the whole incident underscores how scary vulnerabilities can be lurking inside any major consumer device.
“My prototype exploit gains access to any nearby iPhone’s memory in just a few seconds; imagine launching the exploit from a drone flying across a protest,” he added in a tweet.
As a result, it’s imperative the tech industry vet their products for security flaws or risk an unknown vulnerability falling into the wrong hands. “As things stand now in November 2020, I believe it’s still quite possible for a motivated attacker with just one vulnerability to build a sufficiently powerful weird machine to completely, remotely compromise top-of-the-range iPhones,” Beer wrote.
In a statement, Apple pointed out the vulnerability was patched in iOS 13.5. The company also notes a vast majority of users keep their software current, ensuring their devices will be quickly protected from newly found vulnerabilities. In addition, Beer’s attack could have only been conducted on iPhones within Wi-Fi range.
