iOS exploit allows hackers to gain access to photos, messages, and more
- dec
- 01
The exploit is thankfully not being used in the wild.
What you need to know
- A member of Project Zero at Google has discovered an exploit that allows hackers to access an iOS device.
- The exploit allows a hacker to access photos, messages, and more without the user's knowledge.
- The issue is related to the technology that enables features like AirDrop.
Ian Beer, a member of the Project Zero team at Google, has discovered an exploit with the technology used to enable wireless connection features like AirDrop that allowed the hacker to gain access to photos, email, and messages from iOS devices without the user ever knowing.
Beer posted the news earlier today on Twitter, saying that he has been working on the project since the beginning of the year.
Excited to finally publish my lockdown project from earlier this year: an iOS zero-click radio proximity exploit odyssey.https://t.co/UXQvemH0hG
— Ian Beer (@i41nbeer) December 1, 2020
The developer says that the vulnerability was discovered in a component called AWDL, the technology that enables peer to peer connection, like AirDrop, between Apple devices.
AWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity. With specialist equipment the radio range can be hundreds of meters or more.
— Ian Beer (@i41nbeer) December 1, 2020
Beer pointed out that, in the wrong hands, this kind of exploit could invade privacy on a massive level.
My prototype exploit gains access to any nearby iPhone's memory in just a few seconds; imagine launching the exploit from a drone flying across a protest...
— Ian Beer (@i41nbeer) December 1, 2020
Thankfully, Beer says that he has not found any evidence of this vulnerability being used in public. The developer is also asking to work with Apple to patch the issue through their Bug Bounty Program and has committed to donating any money made from the program to charity.