Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

This zero-click iOS exploit could let hackers hijack your iPhone

Image Description

A Google Project Zero researcher has discovered an iOS exploit that allows a threat actor to remotely take over an individual’s iPhone. The vulnerability, which has now been patched, put sensitive corporate information stored on business smartphones at risk, as well as a substantial amount of personal data too.

The vulnerability enabled hackers to remotely take control of some iPhone and other iOS devices, allowing them to read messages, view images – essentially, monitor everything taking place – as long as the device was in relatively close proximity. 

The exploit, which is explained in painstaking detail here, was discovered by Project Zero researcher Ian Beer by taking advantage of the Apple Wireless Direct Link protocol used to create mesh networks for features like AirDrop and Sidecar.

“In this demo, I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction,” Beer explained. “Over the next 30,000 words, I'll cover the entire process to go from this basic demo to successfully exploiting this vulnerability in order to run arbitrary code on any nearby iOS device and steal all the user data.”

Taking remote control

Admittedly, it did take Beer six months to exploit the iPhone flaw, but the researcher argues that this shouldn’t give Apple, or any iPhone owners, much cause for comfort. 

Plenty of other threat actors will have greater resources and knowledge at their disposal, potentially enabling a faster turnaround. He also theorizes that directional antennas and higher transmission powers could greatly increase the viable range of such attacks.

Apple security updates released earlier this year have now patched the vulnerability in question and users of most recent iOS releases will be protected. 

However, although there is no evidence that this iPhone flaw was ever exploited in the wild, the discovery is still a worrying development – particularly for Apple, which prides itself on its security credentials.

Via The Verge

Date

02 Dec 2020

Sources


Share


Other Blog

  • Looking for an HP Laserjet P1102W replacement? Check this one out

    A stellar replacement for HP's decade-old machine.

    Read More
  • The Asus ExpertCenter D700SA weds portability, rugedness, and upgradeability

    Latest business-oriented SFF desktop from Asus can be upgraded to your heart's content.

    Read More
  • This Monoprice Dark Matter 34 deal makes one of the best value gaming monitors so much better

    The Monoprice Dark Matter 34 is an excellent gaming monitor for the price, and a huge discount makes it a stunning value.

    Read More
  • Google Chrome update fixes another worrying security flaw

    Another zero-day Chrome flaw has been discovered, but Google is quickly up to speed.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us