A gaping security miscalculation left iPhones open to remote hacking, up to and including total device control, according to researchers at Project Zero, a team of security analysts employed by Google. And the hack required absolutely zero physical interaction between the attacker and the phone itself.
Ian Beer, a researcher at Project Zero, was able to create a malicious packet that, once spread to one iPhone via a wireless connection, could then spread to other phones in the area on its own. All thanks to a vulnerability in Apple’s mobile operating system — one that has thankfully been remedied in recent months.
At just over 30,000 words, Beer’s blog post on the vulnerability is truly exhaustive. His approach to the security flaw is systematic and detail-oriented with one major takeaway: even at its most secure, your iPhone is vulnerable. It’s a lesson even the savviest of users would do well to keep in mind.
AirDrop has never been so sinister — It turns out the massive vulnerability, which was patched with iOS 13.5, was made possible by one of Apple’s flagship features: proprietary connectivity between its devices.
The flaw links back to Apple Wireless Direct Link (AWDL), the networking protocol that allows services like AirDrop and AirPlay to connect before you can blink. AWDL creates a mesh network of sorts that allows your Apple devices to communicate when they’re physically nearby.
Beer was able to create fake AWDL data that, once sent to a nearby iPhone, allowed him to take control of an iPhone 11 Pro in the next room behind a closed door. The implant, Beer says, was able to gain full access to data stored on the vulnerable iPhone.
But didn’t this take six months? — Yes: if there is any bright side to this problem, it’s that Beer needed six months of dedicated work to create a workaround for his theoretical attack. That’s good news in the sense that this probably won’t happen to you unless you happen to live near Project Zero’s researchers.
But Beer hopes this won’t be our only takeaway from his experiment. Instead, he hopes the public will leave with a stronger message: “one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into close contact with.”
He notes as well that a hacker with more powerful equipment or knowledge of Apple’s protocols might be able to create the same malicious packet with much more speed and precision.