Most smartphone hacks these days, even the most dangerous ones, require some sort of user interaction — tapping on a link, opening a message, installing an app — for the hacker to gain control of the device.
But a particularly nasty iPhone exploit (via Ars Technica) allowed for an attacker to instantly take over someone’s iPhone from a distance, without the need for any user interaction. It’s really as scary as it sounds: Just look at the video of it in action, below.
The exploit was found by security researcher Ian Beer, who works at Google’s Project Zero team. It involves a vulnerability in AWDL, Apple’s protocol that allows iPhones, Macs, and other devices to create peer-to-peer mesh networks, which enable features such as AirDrop and AirPlay.
Finding the exploit was not easy — Beer has a lengthy technical explanation of how he did it, if you’re up for it — but the bottom line was that it allows an attacker to remotely reboot iPhones, and completely take them over after they’ve been rebooted, with access to photos, messages, and other user data.
Check out a demonstration of an attack that uses this exploit in action in the video, below.
Now, the good news: Apple has already patched the exploit in May 2020, meaning that iPhones with the latest security updates are all secure. Also, Beer himself notes he has no evidence that the bug was exploited in the wild.
Still, it’s amazing that one person managed to crack the iPhone’s security in such a complete manner. It begs the question: If one guy can do this on his own, what can a team of paid professionals with a lot of time and resources do?
ที่มา : Mashable