HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » iPhone exploit gave hacke...

Wed Dec 2, 2020, 04:28 PM

iPhone exploit gave hackers control over WiFi without your input


Many security exploits require at least some kind of interaction on your part, but that wasn’t true for an iPhone exploit earlier this year. As Ars Technicareports, Google Project Zero researcher Ian Beer has detailed an iOS 13 exploit that let someone remotely control a device over WiFi using a “zero-click” attack — that is, with no input required from the target.

The exploit took advantage of a buffer overflow bug in a driver for the in-house mesh networking protocol used for features like AirDrop. As that driver sits in the operating system’s kernel, which has extensive privileges, a successful hack could have dealt extensive damage. An intruder could have installed an “implant” that accessed sensitive info like cryptographic keys and photos, for instance.

It wouldn’t have been trivial to stage an attack, but it wouldn’t have been difficult, either. Beer used a laptop, a Raspberry Pi 4 and a readily available Netgear WiFi adapter, and he was working from home during a pandemic lockdown. The stealthiness was the greater concern. A perpetrator could have swiped personal data while leaving you completely oblivious, at least as long as there was a reasonably close hiding place.

0 replies, 567 views

Reply to this thread

Back to top Alert abuse

Reply to this thread