A security researcher claimed that zero-click WiFi exploit is one of the most notorious iPhone hacks right now. This iOS flaw, he said, enables cybercriminals to control and access nearby iPhones, thanks to AWDL, a proprietary Apple wireless mesh networking protocol.
(Photo : Photo by Chung Sung-Jun/Getty Images)
A South Korean man experience Samsung Electronics Galaxy Note 8 smartphone at its shop on August 25, 2017 in Seoul, South Korea. Prosecutors are seeking a 12-year jail sentence. Lee, de facto chief of South Korean conglomerate, faces five charges connecting the bribery scandal involving ousted former President Park Geun-hye and her confidant Choi Soon-sil. The verdict affects the business of Samsung, which has launched new Galaxy Note 8 smartphone to wipe out the misery of exploding Note 7 last year.
According to Apple Insider‘s latest report, Ian Beer, a member of Google’s Project Zero team, explained that the newly discovered scheme allows hackers to access photos, messages, real-time device monitoring, and emails.
Because of its ability, Apple patched this vulnerability since it gives hackers remote access to the entire device. What makes this more dangerous is that it only needs a WiFi connection and doesn’t require any user interaction.
Beer spent six months developing the exploit
Ars Technica reported that it took Beer six months to single-handedly develop the new exploit. He described the vulnerability and the proof-of-concept exploit in a 30,000-word post he published on Tuesday, Nov. 1.
(Photo : Photo by Justin Sullivan/Getty Images)
The new iPhone 5S with fingerprint technology is displayed during an Apple product announcement at the Apple campus on September 10, 2013 in Cupertino, California. The company launched the new iPhone 5C model that will run iOS 7 is made from hard-coated polycarbonate and comes in various colors and the iPhone 5S that features fingerprint recognition security.
Because of its severity, many security researchers immediately took notice. “This is a fantastic piece of work,” said Chris Evans, Project Zero’s founder, executive, and semi-retired researcher, via Ars Technica.
“It really is pretty serious. The fact you don’t have to really interact with your phone for this to be set off on you is really quite scary,” he added.
Evans explained that a hacker can use WiFi to import worms in a user’s device, even if it is in their pockets.
How Zero-Click WiFi exploit works
The new vulnerability works by importing a buffer overflow in a driver for AWDL. Since these drivers are located in your iPhone’s kernel, an extremely privileged part of any smartphone system, the flaw could lead to serious attacks.
What’s alarming is that the zero-click WiFi exploit works over the air, making it more difficult for users to notice the attack. Beer said that a hacker can use this exploit to acquire sensitive user data without getting detected.
For more news updates about security vulnerabilities, always keep your tabs open here at TechTimes.
This article is owned by TechTimes.
Written by: Giuliano de Leon.
ⓒ 2018 TECHTIMES.com All rights reserved. Do not reproduce without permission.