Ian Beer at Google’s Project Zero has discovered and managed to exploit a bug in iOS that made it possible to completely take over the system via Wi-Fi.
In a blog post of around 30,000 words, security researcher Ian Beer at Google’s Project Zero describes how he discovered and exploited one of the most breathtaking bugs ever in Apple’s iOS.
The bug was in the driver for something called AWDL and is a Wi-Fi technology for creating temporary mesh networks, for example for AirDrop. Apple had chosen to run that code at the kernel level, according to Ian Beer, probably because it is a time-critical feature. Because it’s in the kernel, a buffer overflow attack can be serious, and that’s exactly what Ian Beer found.
With the help of a Raspberry Pi and other cheap equipment, after about six months of development, he managed to get a hack that can take over and remotely control an iPhone without any interaction from the owner. In one filmed demo he shows how he can get 26 phones to suddenly restart, and in another how he filters out a photo.
You should have nothing to fear as the vulnerability has already been fixed back in the spring before the launch of iOS 13.5. Most users have already updated so they cannot be hacked this way. If your phone is running any version of iOS since that update you will be safe from this particular hack.
Still, it shows that Apple is not infallible. And it’s also why it’s important to update your iPhone when Apple issues a software update – something that was emphasised again more recently with news of a
flaw in iMessage.
iPhone security tips.
In the past Apple has closed a zero-day attack
hole on iPhones that was being exploited.
This article originally appeared on
Macworld Sweden. Translation by Karen Haslam.