Using a zero-click exploit, an attacker could have taken complete control of any iPhone within Wi-Fi range in seconds.
Earlier this year, Apple fixed a serious vulnerability in an iOS feature that could have allowed attackers within Wi-Fi range to remotely gain complete control of an iPhone. Details about the flaw, however, remained scant until now, months after the fix shipped.
In a blog post of some 30,000 words, Google Project Zero researcher Ian Beer described how, over six months, he built a radio-proximity exploit that gave him full control over any iPhone in his vicinity. The exploit let him read all the data stored on the device, including photos, emails, private messages and keychain passwords, and monitor everything happening on the device in real time.
The exploit is also wormable: an attack built on it could have spread from one device to another without any user interaction. Beer added, however, that he had no evidence the vulnerability was ever exploited in the wild.
The flaw lies in Apple Wireless Direct Link (AWDL), the proprietary protocol used for peer-to-peer communication between Apple devices and underpinning features such as AirDrop and Sidecar. Beer described it as “a fairly trivial buffer overflow bug in C++ code in the kernel that parses untrusted data, exposed to remote attackers.” He added that the entire exploit relies on just that single memory corruption vulnerability, which he used to compromise a flagship iPhone 11 Pro.
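To make the bug class concrete, here is an added illustration (written for this article, not Beer’s code and not Apple’s AWDL parser): a kernel-style parser for a made-up type-length-value frame format, first trusting the length byte that arrives over the radio, then the hardened version that checks every length against both the bytes remaining in the frame and the capacity of the destination before copying. The frame layout, field sizes, function names and sample frames are all invented for the example.

```c
/*
 * Constructed illustration of "a buffer overflow in kernel code that parses
 * untrusted data". NOT the AWDL code or CVE-2020-3843; the TLV format
 * ([type:1][len:1][value:len], repeated), sizes and names are invented.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TLV_VALUE_MAX 32   /* fixed-size destination, like a struct field */
#define TLV_MAX_COUNT 8

struct tlv { uint8_t type; uint8_t len; uint8_t value[TLV_VALUE_MAX]; };
struct tlv_list { size_t count; struct tlv items[TLV_MAX_COUNT]; };

/*
 * VULNERABLE: trusts the attacker-supplied length byte.
 *  1. len may exceed the bytes left in the frame -> out-of-bounds read.
 *  2. len (up to 255) may exceed TLV_VALUE_MAX (32) -> memcpy writes past
 *     items[i].value, corrupting the following fields and whatever lies
 *     after the struct. Kept for comparison only; never feed it untrusted input.
 */
int tlv_parse_vulnerable(const uint8_t *frame, size_t frame_len, struct tlv_list *out)
{
    size_t off = 0;
    out->count = 0;
    while (off + 2 <= frame_len && out->count < TLV_MAX_COUNT) {
        struct tlv *t = &out->items[out->count];
        t->type = frame[off];
        t->len  = frame[off + 1];
        memcpy(t->value, frame + off + 2, t->len);   /* unchecked length */
        off += 2 + (size_t)t->len;
        out->count++;
    }
    return 0;
}

/*
 * HARDENED: every length is checked against the remaining input (no
 * over-read) and the destination capacity (no over-write) before the copy.
 * Returns the number of TLVs parsed, or -1 for a malformed frame.
 */
int tlv_parse_hardened(const uint8_t *frame, size_t frame_len, struct tlv_list *out)
{
    size_t off = 0;
    out->count = 0;
    while (off < frame_len) {
        if (frame_len - off < 2) return -1;          /* header does not fit */
        uint8_t type = frame[off];
        uint8_t len  = frame[off + 1];
        if (len > frame_len - off - 2) return -1;    /* value runs past the frame */
        if (len > TLV_VALUE_MAX) return -1;          /* value would not fit */
        if (out->count >= TLV_MAX_COUNT) return -1;  /* too many elements */
        struct tlv *t = &out->items[out->count];
        t->type = type;
        t->len  = len;
        memcpy(t->value, frame + off + 2, len);
        off += 2 + (size_t)len;
        out->count++;
    }
    return (int)out->count;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t good_frame[] = { 0x01, 0x03, 'a', 'b', 'c', 0x02, 0x02, 0xde, 0xad };
/* Length byte claims 200 bytes but only 4 follow: over-read in the vulnerable parser. */
static const uint8_t truncated_frame[] = { 0x01, 0xC8, 0x41, 0x41, 0x41, 0x41 };

/* Well-formed input: returns 2 and the decoded fields match, else -99. */
int demo_good(void)
{
    struct tlv_list l;
    int n = tlv_parse_hardened(good_frame, sizeof good_frame, &l);
    if (n != 2 || l.items[0].type != 1 || l.items[0].len != 3 ||
        memcmp(l.items[0].value, "abc", 3) != 0 ||
        l.items[1].type != 2 || l.items[1].len != 2 || l.items[1].value[0] != 0xde)
        return -99;
    return n;
}

/* The vulnerable parser agrees on well-formed input; the bug only shows on malformed frames. */
int demo_vulnerable_on_good(void)
{
    struct tlv_list l;
    tlv_parse_vulnerable(good_frame, sizeof good_frame, &l);
    return (int)l.count;   /* 2 */
}

int demo_truncated(void)   /* hardened parser rejects the over-read: -1 */
{
    struct tlv_list l;
    return tlv_parse_hardened(truncated_frame, sizeof truncated_frame, &l);
}

int demo_oversized(void)   /* length fits the frame but exceeds TLV_VALUE_MAX: -1 */
{
    uint8_t frame[2 + 64];
    struct tlv_list l;
    frame[0] = 0x03;
    frame[1] = 64;
    memset(frame + 2, 0x41, 64);
    return tlv_parse_hardened(frame, sizeof frame, &l);
}

int main(void)
{
    printf("good=%d vulnerable_on_good=%d truncated=%d oversized=%d\n",
           demo_good(), demo_vulnerable_on_good(), demo_truncated(), demo_oversized());
    return 0;
}
```

The two checks in the hardened parser are the whole story: the length byte is compared against what is actually left in the frame (so the copy never reads past the received packet) and against the fixed-size destination (so it never writes past it), and both are done before `memcpy` rather than after. The vulnerable parser is identical except for those checks, which is exactly why such bugs look “trivial” in hindsight and are still routinely found in parsers of radio frames.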
Beer also shared a video demonstrating the attack.
In a series of tweets, Beer also explained that the range of the attack could be extended with readily available equipment:
“AWDL is enabled by default, exposing a large and complex attack surface to everyone in the vicinity of the radio. With specialized equipment, the radio range can be hundreds of meters or more. However, you don’t need fancy setup. This exploit only uses a Raspberry Pi and two standard WiFi adapters for a total cost of less than $100.” Although AWDL is on by default, Beer also found a way to enable it remotely even when the user has turned it off.
Beer reported the vulnerability to Apple almost a year ago. It was fixed as CVE-2020-3843 in iOS 13.3.1 and macOS 10.15.3, released in January of this year, Beer said. It is safe to say that the vast majority of iOS users are already running a newer version of the system, as Apple also confirmed to The Verge. If you haven’t updated yet, though, do yourself a favor and apply the update as soon as possible.
Apple also fixed three actively exploited zero-day flaws last month, which were also, incidentally, reported by Google Project Zero researchers.