A security researcher has managed to build an exploit for iPhones that works via their WiFi connections. This does not require any action on the part of the victim, and the victim won’t realise that someone was trying to get into his phone.
The researcher Ian Beer explained the possibilities of the exploit in an extensive article on the Google Project Zero blog. He worked on the exploit for six months.
For the exploit Beer only used equipment that can be bought off the shelf, like a Raspberry Pi and some wifi equipment. The exploit creates a buffer overflow in the AWDL driver. This is the technology Apple uses for the Airdrop feature in its devices.
Because the AWDL driver resides in the iOS kernel, Beer was able to take control of entire smartphone by hacking the AWDL driver. This allowed him to access photos, e-mails, messages and even passwords stored on the iPhone.
To make matters worse, the exploit is also wormable, meaning that the exploit can jump from one device to another. A hacker is thus able to set up a mesh network of hacked iPhones, which can spread as far as there are iPhones within range of each other.
In a video, Beer shows how he managed to take control of an iPhone that is not connected to a WiFi network but still has it enabled. He manages to steal a photo from the phone, without even being in the same room as the victim.
Bear says that he has no reason to believe that the vulnerability has been exploited by anyone other than him. He claims to have found the exploit himself using reverse engineering. However, he did find one exploit seller who was aware of the bug in the AWDL driver.
Bear demonstrated the vulnerability in iOS 13.3. Apple since patched it with version 13.5 of the mobile operating system. This version was released last spring.