This incredible exploitation can allow hackers to own a remote iPhone without touching them


Watch that movie, or play that video game, about that hacker who can instantly take over someone’s device without touching it right? Those scenes are usually as unrealistic as the hack. But after each time, the real life hack makes them seem quite plausible – like a hack that you can see examples in the videos above and below.

Today, Google Project Zero security researcher Ian Beer revealed that, as of May, various Apple Pull iPhones and other iOS devices were vulnerable to unreliable exploitation that could reboot attackers remotely and take full control of their devices remotely – including reading emails and others. Downloading messages, photos, and possibly seeing and hearing you through the iPhone’s microphone and camera.

How is such a thing possible? Why would an iPhone even hear of a remote hacking attempt? According to Beer, this is because Apple uses a protocol called Wireless Direct Link (AWDL) to create a mesh network for features like today’s iPhone, iPad, Max and watches AirDrop (so you can easily beam photos and files on other iOS devices). And Sidecar (to quickly turn the iPad into a secondary screen). Bear found a way to exploit it, not only that, he also found a way to force AWDL to continue, if it had been abandoned earlier.

When Beer says he has “no evidence that these issues were exploited in the wild” and admits that it took him a whole month to snatch, verify and demonstrate – and when it was cached in May – he suggested that we The existence of such hacks should not be taken lightly:

Withdrawal from this project should not be: No one will just spend six months of their lives hacking their phone, I’m fine.

Instead, it should be: One person, working alone in their bedroom, was able to develop the ability to seriously compromise their interaction with iPhone users.

Strange stuff.

Apple Play did not immediately respond to a request for comment, but the company cites beer in changelogs for several of its May 2020 security updates that are linked to vulnerabilities.

You can read Beer’s long explanation of how the hack worked here.