Date: 2020-12-02

Google Project Zero identified a serious iPhone vulnerability that would have allowed an attacker to steal sensitive content from a victim’s device remotely over Wi-Fi.

The attacker only needed to be in proximity of the phone and use off-the-shelf components to extract personal data including photos, messages, emails, and passwords.

The unsuspecting victim would not even realize they were being hacked.

Apple patched the iOS vulnerability in May, and most iPhones and iPads are now protected.

Historically, the iPhone has provided users with better security and privacy than Android. But no matter how much Apple tries to create an impregnable operating system, iOS isn’t impervious to malicious attacks. Some of the most expensive hacks that security companies trade involve the iPhone. And jailbreakers have always found ways to crack open the iPhone and install whatever types of apps they wanted. But it’s one thing to jailbreak a phone so you can install apps that aren’t available in the App Store, and quite another to hack someone’s iPhone remotely without raising any red flags.

You know that scene in spy movies where a hacker brings a spy phone in proximity to a target’s handset, and within seconds the target phone is hacked? Well, someone managed to pull off the same trick with any iPhone. They isolated a vulnerability in iOS code that allowed an attacker to inject code into the targeted iPhone via Wi-Fi and steal sensitive information. The whole thing happens in seconds and the attacker would not even have to gain physical access to the victim’s device. Apple patched the security issue several months ago, so most iPhones and iPads are no longer susceptible to the attack. But the following videos show how easy it would have been to steal data from unsuspecting victims.

Apple issued a patch for the security issue back in May, with the vulnerability impacting devices that ran iOS 13.5. The patch came after Google Project Zero’s researcher Ian Beer devised the method of hacking iPhones and iPads remotely over Wi-Fi and informed Apple about it.

Beer spent six months developing the hack. He published a 30,000-word post on Google’s blog on Tuesday, describing the vulnerability in great detail. The researcher said that there’s no actual evidence that someone exploited this critical bug before Apple patched it, but at least one exploit reseller was aware of it before it was patched in May.

The exploit relied on a bug in AWDL, explains Ars Technica. That’s a proprietary mesh networking protocol that allows Apple to offer cool features like AirDrop. AWDL works over Wi-Fi, so exploits can be sent over the air without the victim realizing anything is happening in the background.

Beer came up with several exploits, including an advanced one that obtained a trove of personal data from the handset. It’s not just emails, photos, and messages that could be stolen that way, but passwords and crypto keys stored in the keychain as well. This would make the hack incredibly valuable to nefarious hackers.

As you’ll see in one of the two videos below, an attacker would have only needed a Raspberry Pi and off-the-shelf Wi-Fi adapters to make it work. The prototype implant is delivered in about two minutes to the victim’s iPhone, but a fine-tuned version would need only a few seconds. All the attacker has to do is make sure he or she is within Wi-Fi range of the target.

In the following video, the attacker is separated from the victim by a wall. That’s close enough for the hack to work, and the attacker ends up stealing the photo that was just snapped on the iPhone 11.

The next video is much shorter but does a great job of showing the incredible power of the hack. Using the same equipment, the attacker can reboot all the iPhones in Wi-Fi range with no user interaction. The entire thing is just mesmerizing.

Thankfully, Apple has already fixed the issue. Most people who update their handsets and tablets regularly are already protected. If you’re still running iOS 13.5 for some reason, you should update your device immediately.

Beer’s full story is available at this link.