Patched iOS vulnerability would have let users seize control of iPhones over Wi-Fi

By

Airdrop ios iPad iPhone
Vulnerability relied on the tech that makes AirDrop work
Photo: Charlie Sorrel/Cult of Mac

A security vulnerability patched by Apple earlier this year could have allowed users to remote access an entire iPhone over Wi-Fi without the need for any user interaction, a security researcher has revealed.

Ian Beer, a researcher at Google’s vulnerability research unit Project Zero, shared details of the vulnerability Tuesday. He spent six months developing proof-of-concept exploits to prove its effectiveness. Fortunately, he doesn’t believe a similar exploit was ever utilized by hackers in the wild.

A potentially devastating vulnerability

Beer shares details of the vulnerability in a 30,000-word blog post he published this week. It describes the way that an attacker could remotely access an iPhone using bad Wi-Fi packets. They could potentially use this to spy on users or any range of other activities.

The hack works by tapping into a vulnerable buffer overflow in a driver for Apple’s proprietary AWDL mesh networking protocol. That’s the tech that allows Airdrop to work.

“Imagine the sense of power an attacker with such a capability must feel,” Beer noted. “As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target.”

Of the several exploits Beer developed, the worst could have allowed an attacker to fully gain access to a user’s personal data. That would include their emails, photos, messages, passwords, and any crypto keys stored in their keychain. The attacks would work only on devices within Wi-Fi range.

Apple’s Bug Bounty

Apple fixed the flaw prior to iOS 13.5 back in May. Although this only covers users who have installed the necessary patch, Apple’s user base has a good track record when it comes to upgrading to new versions of iOS.

While vulnerabilities do occasionally slip through the cracks, Apple has taken steps to improve its vulnerability-patching approach. Last summer, Apple introduced its new, improved bug bounty program at the Black Hat conference in Las Vegas. Apple will pay up to $1 million for the discovery of certain vulnerabilities in its software. A $1 million reward requires a person to discover a zero-click, full chain kernel code execution attack. A $500,000 reward is given for a discovered network attack requiring no user interaction. Apple will hand out a 50 percent bonus for vulnerabilities found in software prior to its widespread release.

Via: ArsTechnica