A security vulnerability patched by Apple earlier this year could have allowed an attacker to gain remote access to an entire iPhone over Wi-Fi without any user interaction, a security researcher has revealed.
Ian Beer, a researcher at Google’s vulnerability research unit Project Zero, shared details of the vulnerability on Tuesday. He spent six months developing proof-of-concept exploits to demonstrate its effectiveness. Fortunately, he doesn’t believe a similar exploit was ever used by hackers in the wild.
A potentially devastating vulnerability
Beer shares details of the vulnerability in a 30,000-word blog post he published this week. It describes how an attacker could remotely access an iPhone using malformed Wi-Fi packets, and could potentially use that access to spy on users or carry out a range of other activities.
The hack works by exploiting a buffer overflow in a driver for Apple’s proprietary AWDL mesh networking protocol. That’s the technology that allows AirDrop to work.
“Imagine the sense of power an attacker with such a capability must feel,” Beer noted. “As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target.”
Of the several exploits Beer developed, the worst could have allowed an attacker to gain full access to a user’s personal data. That would include their emails, photos, messages, passwords, and any crypto keys stored in their keychain. The attacks would work only on devices within Wi-Fi range.
Apple’s Bug Bounty
Apple fixed the flaw prior to iOS 13.5 back in May. Although the fix only protects users who have installed the necessary update, Apple’s user base has a good track record when it comes to upgrading to new versions of iOS.
While vulnerabilities do occasionally slip through the cracks, Apple has taken steps to improve its vulnerability-patching approach. Last summer, Apple introduced its new, improved bug bounty program at the Black Hat conference in Las Vegas. Apple will pay up to $1 million for the discovery of certain vulnerabilities in its software. The $1 million reward requires a researcher to discover a zero-click, full-chain kernel code execution attack. A $500,000 reward is given for a network attack requiring no user interaction. Apple will also hand out a 50 percent bonus for vulnerabilities found in software prior to its widespread release.
Via: ArsTechnica