Google's Project Zero initiative is bearing fruit not only in the Android world: one of the security experts working on the project has announced a remarkable discovery, an iPhone exploit that offers total control over the phone.
The Google expert, Ian Beer, showed how a vulnerability discovered in the AWDL (Apple Wireless Direct Link) protocol could be used to remotely trigger a restart of iPhones, iPads and other iOS-based devices and take full control over them. As if holding the phone in his hand, the attacker could access emails and other messages, download photos stored in the phone's memory and even spy on the owner by activating the microphone and the camera.
Normally, the AWDL protocol is used for wireless connections to other iOS devices, facilitating fast transfers of photos and other files. The technology also helps connect an iPad as a secondary screen for another device, capturing the displayed image in real time. In other words, Apple has provided hackers with an ideal technology for taking remote control of iOS devices; all that was left was for someone to find a vulnerability.
Not only have Google researchers discovered how the AWDL protocol can be exploited, they have also found a way to force its activation on devices that have it turned off in settings.
Starting from simple suspicions, the researcher needed six months to find a way in and then demonstrate how iOS devices can be hijacked via the AWDL protocol. Ian Beer also says that there are no indications that the same exploit was discovered by anyone else or used in real attacks.
Meanwhile, the information was communicated directly to Apple, which allowed the problem to be fixed in great secrecy; the relevant patches have been available since May.
Apple does not dispute the existence of this exploit; it even reuses Ian Beer's descriptions in the documentation attached to the security patches published in May 2020. The company points out that most users already run devices updated to iOS versions that do not include this vulnerability. In addition, for the attack to succeed, the attacker would have had to be within Wi-Fi range of the vulnerable device, which excludes the possibility of random attacks.