iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever

Before Apple patch, Wi-Fi packets could steal photos. No interaction needed. Over the air. …

The screen on the iPhone 12 Pro Max

Enlarge / That’s a lot of screen.
Samuel Axon

reader comments

47 with 39 posters participating

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one near-by device to another, once again, with no user interaction needed.

This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research arm. In a 30,000-word post published on Tuesday afternoon, Beer described the vulnerability and the proof-of-concept exploit he spent six months developing single handedly. Almost immediately, fellow security researchers took notice.

Beware of dodgy Wi-Fi packets

“This is a fantastic piece of work,” Chris Evans, a semi-retired security researcher and executive and the founder of Project Zero, said in an interview. “It really is pretty serious. The fact you don’t have to really interact with your phone for this to be set off on you is really quite scary. This attack is just you’re walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets.”

Beer’s attack worked by exploiting a buffer overflow bug in a driver for AWDL, an Apple-proprietary mesh networking protocol that makes things like Airdrop work. Because drivers reside in the kernel—one of the most privileged parts of any operating system—the
AWDL flaw had the potential for serious hacks. And because AWDL parses Wi-Fi packets, exploits

Continue reading – Article source

Similar Posts: