Google Project Zero security researcher Ian Beer shared that he had been able to access an exploit that could have left iPhones vulnerable to attackers even from a distance of 100 meters or more. This includes having hackers gain control of personal data, states The Verge.
In Beer’s blog post posted on Blogspot, the Google Project Zero security researcher said that the zero-click exploit was possible as most of the Apple system today, including iPhones, iPads, Mac computers, and watches all use Apple Wireless Direct Link (AWDL).
According to The Verge, the Apple Wireless Direct Link is a type of protocol that allows the creation of mesh networks. This supposedly facilitates the ability of such devices to send files and documents to other similar devices and to turn an iPad into a secondary screen, as with Sidecar.
This could have also viewed personal data on devices, including photos, emails, and copy all the private messages. The exploit could have also tracked the user’s activities in real-time without having to click on anything, provided the device in question is in the WiFi range.
Endgadget states that the exploit has been conducted on iOS 13. Beer has reportedly gained access to an iPhone device after using a zero-click attack using only WiFi. To determine the extent of the attack, the security researcher used a laptop, a Raspberry Pi 4, and a Netgear WiFi adapter.
Beer worked on the “wormable radio-proximity exploit” for six months during the virus pandemic from home.
Although Apple already addressed the vulnerability by issuing a patch and an update, the tech giant did not deny the existence of the exploit. Instead, The Verge states that the tech giant even acknowledged the Google security researcher for a number of its updates in May of this year.
However, Apple was also quick to point out that while the exploit previously existed, most users have now updated to the newer versions of the iOS. The Verge also states that the tech giant insinuated that in order for the exploit to be executed, a malicious attacker would have to be within a working WiFi range.
While Beer says there has been “no evidence that these issues were exploited in the wild,” the hack’s level of sophistication should not go unnoticed.
In his blog post, Beer said that although a patch has already been made available, the key takeaway should be that “one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.”
