Most serious iPhone hack ever exposed

1. Home
2. News
3. Security

About serious iPhone hack always exposed

(Image credit: Aleksey Khilko/Shutterstock)

Don't panic, but until a few months ago, your iPhone or iPad could have been hacked past any stranger passing by — and not merely past AirDropping a nasty picture on your screen.

A flaw in the Apple tree Wireless Direct Link (AWDL) protocol, upon which AirDrop runs, allowed someone with the right (cheap) equipment to get into your phone, steal private data and install malware, all in under two minutes. (This flaw didn't seem to affect Macs.)

• iPhone apps just equally unsafe as Android apps, says security researcher
• The best Mac antivirus software to keep your Apple tree polished
• New: iPhone 12 has a serious signal problem — what you need to know

Even worse, one time your iPhone had been infected, it could spread the infections to other nearby iPhones or iPads, meaning that pretty shortly your friends and family would be infected equally well.

Turning off AirDrop, Bluetooth or Wi-Fi on your iPhone wouldn't help — the attack tin can get your iPhone to plough AWDL dorsum on, even if the phone is locked.

This is "a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity," wrote Ian Beer, a fairly well-known researcher with Google'due south Project Zero bug-hunting squad, in a  blog post yesterday (Dec. 1).

Beer said he could "view all the photos, read all the email, copy all the individual messages and monitor everything which happens on there [on an iPhone] in real-time."

Yous don't need to worry about this as long as your iPhone is patched up to at least iOS thirteen.v or iOS 12.4.7, both of which were released in May 2020. An Apple tree spokesperson confirmed that to Tom's Guide.

Mayhap the most serious iPhone flaw ever

We haven't had the time to read through Beer's 30,000-word weblog mail service detailing his research, but suffice it to say that this is perchance the most severe security flaw to always touch Apple'south mobile Bone — even bigger than a longstanding state-sponsored iPhone hacking campaign that Beer revealed in 2019.

"If you've ever used AirDrop, streamed music to your Homepod or Apple TV via Airplay or used your iPad equally a secondary display with Sidecar and then y'all've been using AWDL," Beer wrote. "And even if yous haven't been using those features, if people nearby accept been and then information technology's quite possible your device joined the AWDL mesh network they were using anyhow."

This isn't the first time AirDrop and AWDL have been shown to exist unsafe. In mid-2019, German researchers found that AirDrop and AWDL opened upwards Macs and iPhones to all sorts of over-the-air attacks. In fact, warnings virtually AirDrop vulnerabilities date back several years.

But none of the previous research went every bit far as Beer has. In this five-minute demo, he shows how a laptop rigged up to a Raspberry Pi mini-estimator with a couple of Wi-Fi dongles attached can hack into a iPhone in another room (in what appears to exist Beer's flat).

"This entire exploit uses just a single memory corruption vulnerability to compromise the flagship iPhone 11 Pro device," Beer wrote. "With just this 1 issue I was able to defeat all the mitigations in gild to remotely gain native code execution and kernel memory read and write."

Beer spent six months working on this, but he warned that that should non be any reason to downplay this hack.

"The takeaway from this project should non be: No one will spend six months of their life just to hack my phone, I'grand fine," Beer wrote. "Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into shut contact with."

Imagine how quickly a team of well-funded professionals working for a nation-state intelligence agency could have developed the same exploit. Your best bet may be to assume that they did.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul commuter, code monkey and video editor. He's been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'southward Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upward in random TV news spots and even moderated a panel discussion at the CEDIA domicile-technology briefing. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/iphone-airdrop-hack

Posted by: groesbeckalmly1938.blogspot.com

Share this post