While most of us were trying to balance childcare with work from home or catching up on our favorite Netflix series, Ian Beer discovered an iOS exploit that would have given hackers total control over phones and devices.
Beer, a security researcher at Google’s Project Zero, spent six months before he finally found, confirmed, and demonstrated the vulnerability. However, he was quick to point out that Apple released a patch for the weakness back in May, adding that he had “no evidence that these issues were exploited in the wild.”
Nonetheless, the researcher says the exploit allowed attackers to remotely reboot phones and grab control of them from a distance. That means that threat actors could have accessed users’ photos, emails, and documents and snooped on them through the device’s microphone and camera. How? Beer explains that today’s iPhones and iPads use the Apple Wireless Direct Link (AWDL) protocol to generate mesh networks for features like AirDrop and Sidecar.
The first allows consumers to easily send (or beam) files to other iOS devices, while the second turns iPads into secondary screens. And according to Beer, the vulnerability lies in the AWDL protocol, which he was able to exploit. He was even able to activate AWDL when it was turned off.
Apple did not challenge Beer’s findings and cited him in the changelogs for it may exploit-related update that fixed the issue. However, the tech giant revealed that the majority of iOS users are using newer software versions that have been patched.
It also added that cybercriminals needed to be within WiFi range to take advantage of the vulnerability and infiltrate users’ devices. Luckily, it appears that threat actors did not exploit it. Otherwise, they would have invaded iOS users’ privacy on a massive level.
VPNs offer an extra layer of security and privacy by rerouting and encrypting users’ Internet traffic, masking their IP addresses, and erasing their activity logs. Streamers can also benefit from these tools to unblock geo-restricted content.