Aden – Yasmine Abdullah Al-Tohamy – A dangerous vulnerability that allows hackers to control an iPhone from a distance
Thursday 3 December 2020
Beer, who works on Google’s Project Zero security team, says that until May, a variety of iPhones and other iOS devices were vulnerable to an exploit that allowed attackers to remotely restart and gain complete control of their devices from a distance.
Regarding the severity of this vulnerability, the security researcher confirmed that it enables the hacker to read e-mails and other messages, download pictures, and watch and listen to you through a microphone and iPhone camera.
He pointed out that iPhone, iPad and Mac devices use a protocol called AWDL to create interconnected networks of features such as: AirDrop and Sidecar, so that you can easily send photos and files to other iOS devices and turn an iPad into a secondary screen.
The security researcher discovered a way to exploit this, and also found a way to force the AWDL protocol to run even if it was stopped previously.
Bear says: He has no evidence that these problems have been exploited, and admits that it took a full 6 months to identify, verify and prove this exploitation, according to Tech Gate.
Although Apple announced that it had corrected the vulnerability as of May via iOS 13.5, the researcher reiterated the importance of not underestimating the existence of such a breach.
He said, “The conclusion learned from this project should not be that no person would spend six months just hacking my phone, and instead, the result should be that there is one person working alone who has been able to seriously harm iPhone users.”
Apple does not question the existence of the exploit, and cited the security researcher in the change logs for the many May 2020 security updates associated with the vulnerability.
The company notes that most of the iOS users are using newer, patched versions of iOS.
Apple explains that the hack will only work when you are in the range of the wireless network, although you do not need to be within the wireless network itself.