Date: 2020-12-02

Ian Beer from the Project Zero team at Google discovered a major security flaw in iOS that allows data to be accessed from any iPhone. This applies to photos, videos, emails or messages. It is also possible to (partially) take control of the phone. The owner of the iPhone is of course not aware that a hacker is accessing their data.

The iOS bug in action on the iPhone

The bug is in AWDL (Apple Wireless Direct Link), an Apple protocol that enables peer-to-peer connections between devices such as iPhones. It is used for AirDrop, Sidecar and other features. Ian Beer explains that he discovered the bug in an iOS beta released in 2018, and that it was still relevant this year.

The Project Zero researcher then analyzed the code and was able to exploit the vulnerability. It took him six months to reach a result that allows access to data from an iPhone. The attack requires a Raspberry Pi 4B and two Wi-Fi adapters. In the following demonstration, kernel memory corruption is triggered remotely, which forces the iPhones to restart.

“AWDL is activated by default and exposes a large and complex attack surface to anyone in the vicinity of the radio,” explains the researcher. “With special devices, the radio range can be several hundred meters or more,” he adds. He states that he can force AWDL to be enabled if the technology is disabled on the device.

There are two pieces of good news about this flaw, through which an iPhone’s data can be accessed. The first is that a fix has been in place since iOS 13.5. The second is that no hackers are exploiting this vulnerability. At least that’s what Ian Beer says.