Big iPhone Breach Possibility

Ever watch that movie, or play that video game, about the hacker who can instantly take over someone’s device without touching it at all? Those scenes are typically unrealistic. But every once in a while, a real life hack makes them seem possible.

Google Project Zero security researcher Ian Beer has reveled that until May, a variety of Apple iPhones and other iOS devices were vulnerable to an incredible exploit that could let attackers remotely reboot and take complete control of their devices from a distance. Including reading emails and other messages, downloading photos, and even potentially watching and listening to you through the iPhone’s microphone and camera.

How is such a thing even possible? Why would an iPhone even listen to a remote hacking attempt? According to Beer, that’s because today’s iPhones, iPads, Macs and Watches use a protocol called Apple Wireless Direct Link (AWDL) to create mesh networks for features like AirDrop (so you can easily beam photos and files to other iOS devices) and Sidecar (to quickly turn an iPad into a secondary screen). Not only did Beer figure out a way to exploit that, he also found a way to force AWDL to turn on even if it was left off previously.

While Beer says he has “no evidence that these issues were exploited in the wild” and admits it took him six whole months to sniff out, verify, and demonstrate this exploit and while it’s been patched as of May he suggests we shouldn’t take the existence of such a hack lightly:

The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I’m fine. Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.

Eerie stuff.

Apple doesn’t dispute the exploit existed, and in fact cites Beer in the changelogs for several of its May 2020 security updates that are linked to the vulnerability. The company does point out that most iOS users, by far, are already using newer versions of iOS that have been patched and suggests that an attacker would have needed to be within Wi-Fi range for it to work.

At Dallas Network Services, we work with a large variety of businesses based in Dallas and Fort Worth (DFW) and the surrounding area such as Addison, Plano, Carrollton, Denton, Richardson, Garland and beyond. We also extend our reach outside the area to include all Texas and other states. We provide on premise server support including Microsoft Exchange as well as Cloud computing services and hosted solutions. We specialize project services, network support, desktop support and voice over IP (VoIP) business phones. Our fully managed IT services will improve your business reliability as well as your bottom line. Contact us today at www.dallasnetworkservices.com chat or call 214-696-6630. #DNS#dallasnetworkservices#techsupport#hacker#cybersecurity#MSP