{"id":20310,"date":"2020-12-30T10:49:05","date_gmt":"2020-12-30T06:49:05","guid":{"rendered":"https:\/\/techxmedia.com\/?p=20310"},"modified":"2025-04-18T00:21:18","modified_gmt":"2025-04-17T20:21:18","slug":"iphone-hack-allowed-device-takeover-via-wifi","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/iphone-hack-allowed-device-takeover-via-wifi\/","title":{"rendered":"iPhone hack allowed device takeover via WiFi"},"content":{"rendered":"\n
Authored by Amer\u00a0Owaida, Security Writer at ESET<\/strong><\/h6>\n\n\n\n

Earlier this year, Apple <\/a>patched a severe security loophole in an iOS feature that could have allowed attackers to remotely gain complete control over any iPhone <\/a>within Wi-Fi range. However, details about the flaw, which was fixed months ago, were sparse until now.<\/p>\n\n\n\n

In a blog post of no fewer than 30,000 words<\/a>, Google Project Zero researcher Ian Beer described how, over a six-month period, he created a radio-proximity exploit that would grant him total control over an iPhone <\/a>in his vicinity. The exploit allowed him to access all the data stored on the device, including photos, emails, private messages, Keychain passwords, as well as monitor everything happening on the device in real time.<\/p>\n\n\n\n

The vulnerability was wormable for good measure, hence any attacks exploiting it could have spread from device to device with no need for user interaction. Beer, however, added that there was no evidence to suggest that the vulnerability was ever exploited in the wild.<\/p>\n\n\n\n

The flaw resides in the Apple Wireless Direct Link (AWDL) protocol, which is used for peer-to-peer network communications between iOS devices and powers features like AirDrop or SideCar. Beer described it as \u201ca fairly trivial buffer overflow programming error in C++ code in the kernel parsing untrusted data, exposed to remote attackers.\u201d He also went on to add that the whole exploit uses just a single memory corruption vulnerability, which he exploited to compromise a flagship iPhone<\/a> 11 Pro device.<\/p>\n\n\n\n

Beer also shared a video demonstrating the attack:<\/p>\n\n\n\n

https:\/\/youtu.be\/_sTw7GGoJ6g<\/a><\/p>\n\n\n\n

In a series of tweets<\/a>, Beer also explained that the range and distance of the attacks could be extended using readily available equipment:<\/p>\n\n\n\n

\u201cAWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity. With specialist equipment the radio range can be hundreds of meters or more. You don\u2019t need a fancy setup though. This exploit just uses a Raspberry Pi and two off-the-shelf WiFi adaptors for a total cost under $100.\u201d While AWDL is enabled by default, Beer also found a way to remotely enable it even if it was off, utilizing the same attack.<\/p>\n\n\n\n

Beer reported the vulnerability to Apple<\/a> a year ago, almost to the day. The flaw was fixed as CVE-2020-3843<\/a> in iOS 13.1.1\/MacOS 10.15.3 in January of this year, said Beer. It\u2019s safe to say that a vast majority of iOS users run one of the system\u2019s newer versions, as also confirmed by Apple for The Verge<\/a>. At any rate, if you haven\u2019t done so far, do yourself a favor and apply the updates as soon as possible.<\/p>\n\n\n\n

Apple <\/a>also patched three actively exploited zero-day flaws<\/a> last month, which were also, incidentally, reported by Google Project Zero researchers.<\/p>\n","protected":false},"excerpt":{"rendered":"

The vulnerability was wormable for good measure, hence any attacks exploiting it could have spread from device to device with no need for user interaction.<\/p>\n","protected":false},"author":8,"featured_media":10986,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1595,9621],"tags":[6007,1670,6005,6009,605,6008,6006],"contributor":[],"class_list":["post-20310","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-emerging-technologies","tag-airdrop","tag-apple","tag-awdl","tag-beer","tag-iphone","tag-raspberry-pi","tag-sidecar"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/09\/Amer-Owaida-Security-Writer-at-ESET-1.jpg","author_info":{"display_name":"Rabab","author_link":"https:\/\/techxmedia.com\/en\/author\/rabab\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/20310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=20310"}],"version-history":[{"count":0,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/20310\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/10986"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=20310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=20310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=20310"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=20310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}