The Worst Security Hole Of The iPhone: It Allowed Code Execution From A Distance


One of the updates for the iPhones sold in Spain this year was actually more important than Apple hinted; it was possibly the most necessary patch in the history of the smartphone.


This is what security researcher Ian Beer has revealed this week in an article in which he explains how he managed to bypass all the barriers imposed by Apple and take control of any iPhone from a distance.


Beer is part of Project Zero, a division of Google created with the mission of finding vulnerabilities and bugs throughout the Internet; it is an elite team, with the freedom to find bugs in any software and make its discoveries public, even if they are not fixed.



iPhone Crash

That is not the case with the bug that Beer found in iOS, since Apple released an update this year that solves the problem; and thank goodness, because if it had been made public before being fixed, we would be facing a disaster of gigantic proportions.


The flaw discovered by Beer allowed an attacker to take complete control of the iPhone, without having to have physical access to the device, and even without the need for the user to do anything.


For practical purposes, this hole allowed anyone to control our phone without us realizing it: not only obtaining data but also installing malware and, ultimately, doing anything we can do on our iPhone.



Hole In The Net

The bug is found in AWDL, a network protocol developed by Apple for mesh networks. In this type of network, each device serves as a node and the devices communicate directly with one another, instead of making connections through the central router.


AWDL is used for features like AirDrop, which allows the user to send files between devices; for example, to send photos between two iPhones, or to continue browsing a web page from the computer.




The discovered bug is of the 'buffer overflow' type, in which the attacker causes a program to write past the memory set aside for its data. Specifically, the attack consisted of sending packets over the Wi-Fi network until the overflow was achieved; once it was, and since AWDL works at the operating system's kernel level, the attacker gained access to the entire system.
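The length check whose absence produces this class of bug, as an added example that is not Apple's code and does not come from Beer's article. The record layout (1-byte type, 2-byte little-endian length, value), the 32-byte buffer and all names are hypothetical and do not reflect AWDL's real format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PEER_BUF_LEN 32  /* hypothetical fixed-size destination buffer */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };
struct peer_state { uint8_t data[PEER_BUF_LEN]; size_t used; };

/* Constructed sample frames: well-formed, oversized value, and a length that lies. */
static const uint8_t good_frame[] = {1, 4, 0, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t oversize_frame[3 + 40] = {1, 40, 0};   /* 40-byte value, rest zero */
static const uint8_t lying_frame[] = {1, 0x00, 0x02, 0xaa, 0xbb}; /* claims 512 bytes */

/* How many bytes an unchecked memcpy(dst, value, claimed_len) would write past dst. */
size_t unchecked_overrun(size_t claimed_len) {
    return claimed_len > PEER_BUF_LEN ? claimed_len - PEER_BUF_LEN : 0;
}

/* Walk every record in a received frame; copy type-1 values into st->data. */
int parse_frame(const uint8_t *frame, size_t frame_len, struct peer_state *st) {
    size_t off = 0;
    while (off < frame_len) {
        if (frame_len - off < 3) return PARSE_TRUNCATED;       /* incomplete header */
        uint8_t type = frame[off];
        size_t len = (size_t)frame[off + 1] | ((size_t)frame[off + 2] << 8);
        off += 3;
        if (len > frame_len - off) return PARSE_TRUNCATED;     /* more than was received */
        if (type == 1) {
            if (len > sizeof st->data) return PARSE_TOO_LONG;  /* the check an overflow lacks */
            memcpy(st->data, frame + off, len);
            st->used = len;
        }
        off += len;  /* unknown types are skipped, but their length was still validated */
    }
    return PARSE_OK;
}

int main(void) {
    struct peer_state st = {{0}, 0};
    printf("good:     %d\n", parse_frame(good_frame, sizeof good_frame, &st));
    printf("oversize: %d\n", parse_frame(oversize_frame, sizeof oversize_frame, &st));
    printf("lying:    %d\n", parse_frame(lying_frame, sizeof lying_frame, &st));
    printf("unchecked copy of 40 bytes overruns by %zu\n", unchecked_overrun(40));
    return 0;
}
```

The length field arrives from the sender, so it has to be validated twice: against the bytes actually received and against the size of the destination buffer.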


In Beer's words, the "feeling of power" that the attacker must have at that moment is unimaginable. Without the user doing or suspecting anything, it was possible to do anything on any iPhone; it only took a small computer, like a Raspberry Pi with a Wi-Fi adapter, so it was also a cheap attack.



Fortunately, Apple fixed this problem in an update that is suspected to have been installed just before the launch of the COVID-19 tracking system in May of this year.


Therefore, the vast majority of affected iPhones should already be up to date; but if you have an iPhone that has not been updated, it is recommended that you allow the installation as soon as possible. In addition, the researcher claims that he has not found evidence that this vulnerability has been exploited by anyone.


This may be the most important security bug discovered on the iPhone; ironically, the last such case was also discovered by Google, when in 2019 it revealed that iPhones had been hacked for years.
