Ian Beer, a security researcher from Google Project Zero, this week announced his discovery of a bug that let him remotely tap into iPhones and view their contents, including photos and messages.
Apple patched the bug in May, and Beer says he has no evidence of the exploit being used maliciously. But that shouldn't take away from the magnitude of what has happened here.
Using the exploit Beer discovered, he was able to remotely access any iPhone within Wi-Fi range (generally dozens of feet). He could then do whatever he liked with the target iPhone, such as view messages and emails, download photos, or simply turn it off.
Using a Raspberry Pi computer and off-the-shelf Wi-Fi adaptors, Beer demonstrates his hack in the videos below. The exploit is focused on Apple Wireless Direct Link (AWDL), which Apple devices use to create wireless mesh networks between themselves.
These networks allow features like AirDrop, where files like images can easily be sent between Apple devices on the same Wi-Fi network. The AWDL protocol is used by iPhones, iPads, Macs and the Apple Watch.
But for his hack, Beer said the target iPhone doesn't need to be connected to a Wi-Fi network. As long as its Wi-Fi function is switched on, he was able to gain access and steal data, such as photographs. Over the course of around five minutes, Beer demonstrates below how the target iPhone appears completely unaffected by the hack: the display does not change at all and there is no evidence of the hack taking place.
It is even possible to run the attack on an iPhone that is locked, so long as it has been unlocked at least once since last switched on. Additionally, the exploit is "wormable", meaning it can be passed along from one iPhone to another.
Beer said: "Imagine the sense of power an attacker with such a capability must feel. As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target."
He also said that, while his exploit "is pretty rough around the edges," a modified version could run the attack "in a handful of seconds."
The security researcher goes into exhaustive detail about the exploit in this 30,000-word blog post. Although he admits it took him six months to make this hack work, and Apple patched the vulnerability in May with an iOS 13.5 update, Beer warns against complacency.
"The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I'm fine. Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into close contact with."
The good news here is that the majority of iPhone users regularly update their software, so there should be very few handsets still running a version of iOS that can be exploited by Beer's discovery.