An iPhone exploit gives hackers control over your WiFi
Many security exploits require at least some kind of interaction on your part, but that is no longer the case for an iPhone exploit. Ian Beer, a researcher at Google Project Zero, has detailed an iOS 13 exploit that allows third parties to take control of a device remotely over WiFi. To do this, they use a ‘zero-click’ attack, that is, no input or interaction is required from the target.
The exploit takes advantage of a buffer overflow in a driver for the internal mesh network protocol used for certain functions like AirDrop. As the driver is located in the kernel of the operating system, which has extensive privileges, if they manage to perform a successful hack, it could have serious consequences. An intruder could install an implant that accessed sensitive information like cryptographic keys and photos, for example.
This iPhone exploit could cause significant harm to users
While it wouldn’t have been the easiest thing to try to attack this iPhone exploit, it wouldn’t have been difficult either. Ian Beer used a laptop, a Raspberry Pi 4, and a Netgear WiFi adapter, and was working from home during quarantine. The stealth with which he did it was what worried him the most. A perpetrator could have gotten personal information without your realizing it, at least for as long as there was a place to hide relatively nearby.
Fortunately, Apple fixed the iPhone exploit with its iOS 13.3.1 update, before iOS 13.5 arrived with its COVID-19 contact tracing. It is also unclear if anyone took advantage of the exploit, which would be difficult with so many people working from home during the pandemic. However, this failure could have had serious consequences in apartments and other places where it is difficult to get away from the WiFi of others.