A recently discovered and patched security vulnerability in Apple devices allowed hackers to remotely control iPhones within WiFi range. Unlike many hacks, this vulnerability did not require the target iPhone to be touched by its user or the hacker. As one expert explained, “This attack is just you’re walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets.”
9to5Mac reports that a major security failing by Apple allowed hackers to take total remote control of iPhones within WiFi range, letting them download all the data on the phone and even activate the phone’s cameras and microphones. The vulnerability was not just a theoretical security flaw but one that a Google security researcher was able to demonstrate by taking full remote control of an iPhone in another room.
The exploit was demonstrated by Google Project Zero security researcher Ian Beer. Project Zero aims to identify and notify developers of vulnerabilities before hackers can discover and exploit them. Project Zero founder Chris Evans told Ars Technica that this security vulnerability was particularly worrying as it did not require any user interaction at all and left no clues that the device was accessed by hackers.
Evans stated: “This attack is just you’re walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets.” The vulnerability lies in Apple’s Wireless Direct Link (AWDL), which is used by iPhones to send photos or files. A blog post about the vulnerability states:
AWDL is an Apple-proprietary mesh networking protocol designed to allow Apple devices like iPhones, iPads, Macs and Apple Watches to form ad-hoc peer-to-peer mesh networks. Chances are that if you own an Apple device you’re creating or connecting to these transient mesh networks multiple times a day without even realizing it.
If you’ve ever used Airdrop, streamed music to your Homepod or Apple TV via Airplay or used your iPad as a secondary display with Sidecar then you’ve been using AWDL. And even if you haven’t been using those features, if people nearby have been then it’s quite possible your device joined the AWDL mesh network they were using anyway.
After much work, researchers were able to use the exploit to access an iPhone in another room. The post explains the hacking process, stating:
This demo shows the attacker successfully exploiting a victim iPhone 11 Pro device located in a different room through a closed door. The victim is using the Youtube app. The attacker forces the AWDL interface to activate then successfully exploits the AWDL buffer overflow to gain access to the device and run an implant as root. The implant has full access to the user’s personal data, including emails, photos, messages, keychain and so on. The attacker demonstrates this by stealing the most recently taken photo. Delivery of the implant takes around two minutes, but with more engineering investment there’s no reason this prototype couldn’t be optimized to deliver the implant in a handful of seconds.
Read the full blog post on the issue here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org