It does, a bit, but then again the target is always moving: by the time a hack is polished for, say, 13.1, most of the time the vast majority of the user base has moved on to the next version of the OS, requiring the user to simply let the phone update overnight to make it safe from the hack... then again, some hacks are hardware related, in which context it is easier to target Apple devices than the myriad of Android hardware combinations. Also, iOS users are more attractive targets as they are the upper scale of the market.
Yeah, doesn’t really hold water. 10 million devices, all on Android OS 4 with an existing exploit that can’t be updated without buying a new phone is STILL 10 million devices, all on Android OS 4 with an existing exploit that can’t be updated without a new phone regardless of the fact there may be other groups of phones at other OS levels. I mean, since OS vulnerabilities are generally in multiple versions of the software, the fact that you’ve got a lot of different versions of an OS doesn’t matter if 80% of those versions have the SAME exploit (80% of a huge number is still a huge number)! In fact, right now, there’s very likely more Android phones using an old insecure OS than there are of iPhones, in total :) I don’t KNOW this, but Android sells so many more phones than Apple, it makes sense, right?

The statement’s either ignorant or willfully ignorant, but not something that would be said by anyone WITHOUT some axe to grind :) Now, if you say hackers focus on iPhones because the users in general have more money to swipe, that’s more intellectually sound.
 
Isn't there a fundamental conflict of interest with Google's Project Zero?

I get that it's useful for researchers to discover these things, and many tech companies pay bug bounties for finding them, but Project Zero is dedicated exclusively to finding flaws in rivals' products.

Project Zero reports these flaws to the company concerned, and starts the timer ticking: you have 30(?) days to fix this before we release it to the public.

While that's a great incentive to fix things immediately, it's the way Project Zero takes the acclaim afterwards that I find problematic. If the aim is simply to improve online security for everyone, they would not need to write 30,000 words about it later. The "look how clever we are" part smacks of self-promotion, and the "see how easy it was to hack our rival" seems like a PR move designed to boost Google while knocking holes in a competitor.
 
It would be nice if Apple took year or two on their operating systems to just do bug fixes / security updates vs. adding low value features. While no OS can ever be 100% secure I think at some point they need to pause, secure/fix, then worry about new bells and whistles.
 


Earlier this year, Apple patched an iOS vulnerability that potentially could have allowed hackers to remotely access a nearby iPhone and gain control of the entire device.


Devised by Ian Beer, a researcher at Project Zero, Google's vulnerability research team, the exploit used a vulnerability in Apple Wireless Direct Link (AWDL), Apple's proprietary mesh networking protocol that enables things like AirDrop and Sidecar to work.

Beer revealed the stunning exploit on Tuesday in a 30,000-word blog post, which shows in detail how a memory corruption bug in AWDL could give attackers remote access to a user's personal data, including emails, photos, messages, and passwords and crypto keys stored in the keychain.

The vulnerability was discovered by Beer in a 2018 iOS beta that Apple accidentally shipped without stripping function name symbols from the kernelcache, offering a wealth of missing context about how bits of code fit together.

After lengthy investigative work, Beer was able to find code related to AWDL, identify the vulnerability, and target it remotely using a laptop, a Raspberry Pi 4B and a couple of Wi-Fi adapters.

It took six months for Beer to develop the exploit, but by the time he was finished he was able to hack any iPhone that was in radio proximity, run arbitrary code on it, and steal all the user data.

Beer says he has no evidence that the issues he uncovered were exploited in the wild, but "we do know that exploit vendors seem to take notice of these fixes."

Apple patched the vulnerability in May with the release of iOS 12.4.7 and iOS 13.3.1, and actually cites Beer in changelogs for several security updates. Apple said that the vast majority of users are already on newer versions of iOS that have been patched.

Article Link: iOS Wi-Fi Exploit Could Have Let Hackers Remotely Access Nearby iPhones

Hi Tim Hardwick ...

The title reads odd "iOS Wi-Fi Exploit Could Have Let Hackers Remotely Access Nearby iPhones" (could have let) reads a bit weird?
 


I'll be sure to socially distance from the guy with the wifi routers strapped to his laptop lol
 
This was fixed in iOS 12.4.7. The latest iOS 12 version is iOS 12.4.9. It can be installed on an iPhone 5s, iPhone 6, and iPhone 6+. All later phones, starting with iPhone 6s, can run iOS 13 and iOS 14, which also fix the problem.
Does Apple still sign those? I thought if a device did not get that latest iOS x version in time, basically you are toast.
 
I cannot find what versions of iOS this impacts (other than some 12.x and 13.x versions). How far back does it go?

It's fixed on all iPhone models made in the past 7 years (iPhone 5S and newer, iOS 12.4.7 and newer). What about iOS 10/9/7/6? (from the past few iPhone models) Are those iOS versions or devices even vulnerable?
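
The two posts above give the fix versions per branch (12.4.7 on iOS 12, 13.3.1 on iOS 13, and iOS 13/14 on newer phones) and ask how far back the bug goes, which nobody in the thread answers. As an added example, not code from the article, from Ian Beer's post or from Apple, here is a branch-aware check that an MDM or asset-inventory team could run over a device list. The inventory rows are constructed, the fix versions are the ones quoted in the thread, and a device on an iOS major for which the thread gives no fix version is reported as "unknown" rather than guessed either way.

```python
import re
from typing import Dict, List, Tuple

# Fix versions as stated in this thread: iOS 12.4.7 on the iOS 12 branch,
# iOS 13.3.1 on the iOS 13 branch, and iOS 14 (any build) also fixed.
# Branches older than iOS 12 are deliberately absent: the thread gives no
# fix version for them, so the check reports them as "unknown".
FIX_ON_BRANCH: Dict[int, Tuple[int, int, int]] = {12: (12, 4, 7), 13: (13, 3, 1)}
FIXED_FROM_MAJOR = 14

_VERSION_RE = re.compile(r"(?:iOS\s*)?(\d+(?:\.\d+){0,2})\s*$")


def parse_ios_version(text: str) -> Tuple[int, int, int]:
    """'iOS 12.4.10' -> (12, 4, 10); '13.3' -> (13, 3, 0).

    Comparing as tuples of ints matters: as strings, '12.4.10' sorts before
    '12.4.7' and an inventory script doing string compares would flag a
    patched iPhone as vulnerable.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised iOS version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def awdl_fix_status(version_text: str) -> str:
    """Return 'patched', 'vulnerable', or 'unknown' for a reported iOS version."""
    v = parse_ios_version(version_text)
    if v[0] >= FIXED_FROM_MAJOR:
        return "patched"
    fix = FIX_ON_BRANCH.get(v[0])
    if fix is None:
        return "unknown"          # no fix version for this branch in the thread
    return "patched" if v >= fix else "vulnerable"


# Constructed sample inventory (device name, reported iOS version), in the
# shape an MDM export might give. Not real devices or data.
SAMPLE_INVENTORY = [
    ("iphone6-sales-01", "12.4.9"),
    ("iphone6-sales-02", "iOS 12.4.6"),
    ("iphone5s-lab", "12.4.10"),
    ("iphone8-eng-07", "13.3"),
    ("iphone8-eng-08", "13.3.1"),
    ("iphone11-exec", "14.2"),
    ("ipad-kiosk", "11.4.1"),
]


def triage(inventory) -> Dict[str, List[str]]:
    """Group device names by fix status so the unpatched list can be acted on."""
    groups: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for name, version in inventory:
        groups[awdl_fix_status(version)].append(name)
    return groups


if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(names) or '-'}")
```

The "unknown" bucket is the honest answer to the question in the post above: the thread only establishes where the fix landed on the iOS 12, 13 and 14 branches, so a device still on iOS 11 or earlier needs a separate check against Apple's advisories rather than an assumption either way.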
 
Consider that Google uses Apple products (both iOS and macOS) provided to employees if they choose an Apple stack... then consider why Google might be interested in Apple vulnerabilities.
Still not convinced?
Project Zero are well respected within the security community. Ian Beer has a long history of cracking iOS, chaining exploit after exploit. Apple is lucky that he is getting paid by Google and not the black market. Project Zero has cracked CPUs, Cloudflare and Windows and their own Chrome.
 
Sure, it just seems strange to me. It's like if Ford was conducting its own crash testing on Tesla cars and then shouting about the results every time they found a problem.

It seems like the kind of thing that should be done by an independent agency rather than by a commercial rival. Project Zero may well have found a few things in Chrome or elsewhere, and that helps generate an aura of impartiality, but as far as I know Apple, Microsoft and other companies getting probed by Project Zero are not actively finding and publicising Google's security holes.

You can't deny that there's incredible value for Google in telling the world that Apple's flagship product, which is marketed on its privacy and security, could be hacked in seconds over wi-fi. Google wouldn't be running this department if there wasn't profit in it - that's what makes me suspicious of them.
 
There was an interesting conversation between Joe Rogan and Snowden. Snowden mentioned that Android’s fragmentation makes it difficult for hackers because there are so many versions across thousands of different devices. It’s hard to concentrate and develop exploits for such variety. Hackers would rather concentrate on devices like iPhones where there is likelihood of more devices with the same version of the OS. Makes sense doesn’t it?
Except you need to redo stuff over and over again, whereas exploits in an older release stay put and can be reused. Cat and mouse game, I know, but isn't it easier for the cat to snatch a mouse when it falls asleep?
 

It’s unlikely Google runs Project Zero out of the goodness of their heart. But assume your worst case scenario of why they operate; wouldn’t you still rather they did? I would. Every vulnerability they find is another one fixed.
 
I think part of the problem with your opinion is it's based on bad information.
Project Zero is not dedicated exclusively to finding flaws in rival products. Not sure where you got that. Their initial goal, hence the name, was to find zero day vulnerabilities. In the course of that work they found more than just zero-days, and expanded the team's goals.

90 days is standard disclosure. The disclosure is there to encourage companies to patch their vulnerabilities in a timely manner. Publication is a vital, vital part of security research. It's a massive part of the foundation of building better security. It facilitates peer review and further related research. Security researchers publish papers on significant discoveries just like other scientists publish papers in their fields. Honestly, your take seems as if you're a bit insecure (pun intended) about Google.
 
Nothing can prevent hacking; if someone wants to, they will. (I know what people are going to think now)

No security is guaranteed or 100%.
Well I have my Credit card information, all my passwords etc. on my phone. I have this stuff on the phone because I trust it in being safer than easy passwords in my mind or physical credit cards.

So then it also should be safer and Apple should fix this stuff fast for all devices out there. The fact that the FBI asked Apple for support in hacking into an iPhone, and that it took them weeks to get it done themselves after Apple declined highlights the safety of iPhones and iPads today.
 
What is all the stuff on his laptop? Aside from the hard drive.
If you read the article, his setup for this exploit uses a Raspberry Pi 4B, a ZyXEL NWD6605 network adapter, and a Netgear A6210 network adapter.
In the end I required two different adaptors to get the features I wanted:
Active monitor mode and frame injection: ZyXEL NWD6605 using mt76x2u driver
Monitor mode (including management and ACK frames): Netgear A6210 using rtl8812au driver
Also I don't think that's a hard drive; I believe it's a lithium-ion power pack for the Raspberry Pi.
 