Google Project Zero researcher Ian Beer has demonstrated an exploit that compromises iOS devices over Wi-Fi. The vulnerability lets an attacker within radio range defeat Apple's defences and take full control of an unpatched iPhone without any user interaction.
The underlying vulnerability, CVE-2020-3843, discovered by Beer, made it possible to remotely steal sensitive data from any vulnerable device within Wi-Fi range. The attacker does not need to be connected to the same network as the target, and the victim does not have to tap, click or open anything.
Beer worked on this exploit for six months and found that it allows an attacker to “view all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.”
The bug lies in Apple Wireless Direct Link (AWDL), Apple's proprietary peer-to-peer (mesh) networking protocol that underpins AirDrop, AirPlay and similar features. In this kind of network each device acts as a node and talks to its peers directly, rather than routing every connection through a central access point.
The bug is a buffer overflow: the kernel code that parses incoming AWDL frames copies attacker-controlled data into a fixed-size buffer without adequately checking its length, so a crafted frame writes past the end of that buffer and corrupts adjacent memory. The attack consists of sending such crafted frames over the air. Because the AWDL parser runs inside the iOS kernel, corrupting its memory hands the attacker control of the whole system rather than of a single sandboxed app.
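To make the bug class concrete, the following is an added illustrative example written for this article; it is not Apple's AWDL code and not Beer's exploit. It models a kernel object holding a small fixed-size buffer for a peer's synchronization tree, and two versions of a TLV parser for an over-the-air frame: one that trusts the frame's own length byte (the overflow pattern described above) and one that also bounds the copy by the destination's capacity. The TLV layout (type, length, value), the 16-byte buffer size, the TLV type value and all names are assumptions chosen for the demonstration.

```c
/* Constructed model of a length-trusting TLV parser (the CVE-2020-3843 bug
 * class). Example code for this article, NOT Apple's AWDL implementation;
 * wire format, sizes and names are assumptions. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TREE_CAPACITY 16u         /* assumed size of the sync-tree buffer */
#define TLV_TYPE_SYNC_TREE 0x01u  /* assumed TLV type used in this example */

/* Simulated kernel object. The tree buffer and the 32-bit field that follows it
 * live in one byte array so the demonstrated overflow stays inside a single
 * allocation (deterministic, no undefined behaviour). In a real heap the same
 * memcpy would run into whatever object happens to sit next to this one. */
typedef struct {
    uint8_t storage[TREE_CAPACITY + sizeof(uint32_t)];
} peer_t;

#define FIELD_AFTER_INITIAL 0xC0FFEE42u  /* stands in for a pointer or flag */

static void peer_init(peer_t *p) {
    uint32_t v = FIELD_AFTER_INITIAL;
    memset(p->storage, 0, sizeof p->storage);
    memcpy(p->storage + TREE_CAPACITY, &v, sizeof v);
}

static uint32_t peer_field_after(const peer_t *p) {
    uint32_t v;
    memcpy(&v, p->storage + TREE_CAPACITY, sizeof v);
    return v;
}

/* Assumed wire format: type(1) | length(1) | value(length). */

/* Vulnerable: checks only that the TLV fits inside the received frame, then
 * copies `len` attacker-controlled bytes into a TREE_CAPACITY-byte buffer. */
int parse_sync_tree_vulnerable(peer_t *peer, const uint8_t *frame, size_t frame_len) {
    if (frame_len < 2 || frame[0] != TLV_TYPE_SYNC_TREE) return -1;
    size_t len = frame[1];
    if (2 + len > frame_len) return -1;      /* frame-level sanity only */
    memcpy(peer->storage, frame + 2, len);    /* BUG: len may exceed TREE_CAPACITY */
    return (int)len;
}

/* Fixed: the value length is also bounded by the destination's capacity. */
int parse_sync_tree_fixed(peer_t *peer, const uint8_t *frame, size_t frame_len) {
    if (frame_len < 2 || frame[0] != TLV_TYPE_SYNC_TREE) return -1;
    size_t len = frame[1];
    if (2 + len > frame_len) return -1;
    if (len > TREE_CAPACITY) return -1;       /* reject an oversized tree */
    memcpy(peer->storage, frame + 2, len);
    return (int)len;
}

/* Constructed attacker frame: `value_len` bytes of 0x41, the last four set to
 * 0x44 so that a four-byte overflow is recognisable in the field behind the
 * buffer. Returns the frame length, or 0 if it does not fit. */
static size_t build_frame(uint8_t *out, size_t out_cap, size_t value_len) {
    if (value_len > 255 || 2 + value_len > out_cap) return 0;
    out[0] = TLV_TYPE_SYNC_TREE;
    out[1] = (uint8_t)value_len;
    memset(out + 2, 0x41, value_len);
    if (value_len >= 4) memset(out + 2 + value_len - 4, 0x44, 4);
    return 2 + value_len;
}

/* Parses one constructed frame with the chosen parser; returns the parser's
 * result and stores the field behind the buffer in *after. */
int run_parser(int use_fixed, size_t value_len, uint32_t *after) {
    uint8_t frame[2 + 255];
    peer_t peer;
    size_t n = build_frame(frame, sizeof frame, value_len);
    peer_init(&peer);
    /* Keep the demo inside the simulated object; a real exploit has no such limit. */
    assert(value_len <= sizeof peer.storage);
    int rc = use_fixed ? parse_sync_tree_fixed(&peer, frame, n)
                       : parse_sync_tree_vulnerable(&peer, frame, n);
    *after = peer_field_after(&peer);
    return rc;
}

int run_parser_rc(int use_fixed, size_t value_len) {
    uint32_t after;
    return run_parser(use_fixed, value_len, &after);
}

uint32_t run_parser_field(int use_fixed, size_t value_len) {
    uint32_t after;
    run_parser(use_fixed, value_len, &after);
    return after;
}

int main(void) {
    size_t oversized = TREE_CAPACITY + 4;
    printf("vulnerable: rc=%d field_after=0x%08X\n",
           run_parser_rc(0, oversized), run_parser_field(0, oversized));
    printf("fixed:      rc=%d field_after=0x%08X\n",
           run_parser_rc(1, oversized), run_parser_field(1, oversized));
    return 0;
}
```

With a 20-byte value the vulnerable parser reports success and the field behind the buffer now reads 0x44444444, i.e. four attacker bytes landed on whatever the kernel kept there; the fixed parser rejects the same frame and the field is untouched. Both parsers accept a well-formed 8-byte tree. The frame-level check in the vulnerable version is the part that looks like validation but is not: it proves the TLV fits in the packet, not that the packet fits in the buffer.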
In Beer’s words, “Imagine the sense of power an attacker with such a capability must feel. As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target.”
In his demonstration video, using an iPhone 11 Pro, a Raspberry Pi and two Wi-Fi adapters, Beer achieves remote arbitrary kernel memory read and write. He then uses that primitive to inject shellcode into kernel memory via a victim process, escape the sandbox, and retrieve user data.
Beer also points out that such an exploit could be made wormable: it could spread from one device to another “over the air”, again without any user intervention.
Apple fixed the problem in January of this year, in iOS 13.3.1, macOS Catalina 10.15.3 and watchOS 5.3.7, so the vast majority of affected iPhones should already be patched. If your iPhone is still running an older iOS version, update it as soon as possible; the installed version and any pending update are shown under Settings > General > Software Update.
Beer adds that he has found no evidence that this vulnerability was exploited in the wild.