Image credit: Chris Velazco/Engadget

iPhone exploit gave hackers control over WiFi without your input

Apple has since patched the flaw.
Jon Fingas, @jonfingas
December 2, 2020
Many security exploits require at least some kind of interaction on your part, but that wasn’t true for an iPhone exploit earlier this year. As Ars Technica reports, Google Project Zero researcher Ian Beer has detailed an iOS 13 exploit that let someone remotely control a device over WiFi using a “zero-click” attack — that is, with no input required from the target.

The exploit took advantage of a buffer overflow bug in a driver for the in-house mesh networking protocol used for features like AirDrop. As that driver sits in the operating system’s kernel, which has extensive privileges, a successful hack could have dealt extensive damage. An intruder could have installed an “implant” that accessed sensitive info like cryptographic keys and photos, for instance.

It wouldn’t have been trivial to stage an attack, but it wouldn’t have been difficult, either. Beer used a laptop, a Raspberry Pi 4 and a readily available Netgear WiFi adapter, and he was working from home during a pandemic lockdown. The stealthiness was the greater concern. A perpetrator could have swiped personal data while leaving you completely oblivious, at least as long as there was a reasonably close hiding place.

Notice the use of the past tense, however. Apple fixed the flaw in iOS 13.3.1, before iOS 13.5 arrived with COVID-19 contact tracing. It’s also unclear if anyone made use of the flaw in the wild, which might have been difficult with many people working from home. Still, this could easily have been a serious problem in apartments and other places where it’s difficult to stay out of WiFi distance from others.
