Google Project Zero showed how you can break into the iPhone at a distance.You don't even have to touch it.Just use the gap in Airdrop, used to wirelessly send files between Apple devices.
I will immediately point out that not every iPhone and iPad have this gap.On the contrary - it has a minority using an older iOS system.There are many indications that if you have an update installed from May 2020, your device cannot be so easily taken over.However, if not ...
iPhone without control
Exploit presented by Ian Beer from Google Project Zero looks like a movie scene.The attackers can restart the iPhone, and then read the post office and messages, download photos, overheat and watch.
See: Google Project Zero in action: GitHub has a serious problem: Google detects a critical gap in Windowszobacz: Google Zero: Luka has exposed Samsung smartphones since 2014
iPhone, iPad, Mac and Apple Watch use the Apple Wireless Direct Link protocol to create a skeletal network for such services as AIRDROP or SIDECAR (Possibility of connecting iPad as an external screen to Mac).For the services to work properly and quickly establish a connection, the devices constantly listen in anticipation of new connections.Beer has found a way to overload the protocol, even if Airdrop is not enabled in the iPhone settings.It is enough that the attacked device is within the range of a harmful Wi-Fi network.Such a network can be created by Raspberry Pi with a standard Wi-Fi adapter.
Terrible, right?The attack resembles the classic Denial of Service (DOS).In the next film, Beer showed more details of the attack, carried out at a distance.
Ian Beer developed this exploit himself.It took him half a year, but he finally showed that it is possible, although no real use of such an attack was registered.If it calms you down ... think about the matter.One guy working alone in the comfort of his home can break into your phone.He doesn't have to get closer to you.This time
Apple acknowledged the notification, but noted that most users already have a May security update, so they are safe.
Chcesz być na bieżąco? Obserwuj nas naGoogle NewsSource of photos: Apple
Text source: Google Project Zero
Tagi:appleddosexploitiosproject zerogoogleairdrop