Unknown persons can launch zero-click remote access on your iPhone and drop a malicious payload or steal important data from your phone using an iOS Wi-Fi exploit.
A newly discovered iOS Wi-Fi exploit may allow others to access your iPhone remotely without your knowledge. Using the exploit, unscrupulous individuals can launch zero-click remote access and steal important information from your phone, including bank and personal details. They can also leave a malicious or destructive payload on your phone, which may activate at a certain time or point.
The zero-click attack is a type of strike that does not require human intervention. In fact, it completely gets rid of the human element from the equation. It relies instead on hardware or software flaws to gain access to a device and steal information or drop a sketchy payload without the knowledge of the device owner. In Apple's case, the iOS Wi-Fi exploit exposes your iPhone to zero-click remote access without your knowledge.
Apple immediately moved to patch the exploit before others take advantage of the vulnerability. Ian Beer, a security researcher and a member of Project Zero team at Google discovered the iOS Wi-Fi exploit, which would have allowed hackers to perform zero-click remote access on nearby iPhones and control them using AWDL, Apple's proprietary wireless mesh networking protocol, all without the user's knowledge. The AWDL system allows remote access to messages, emails, real-time device monitoring systems, text messages, and many more.
According to the comprehensive technical information posted on the Project Zero blog on Tuesday, Beer discovered the tool behind the exploit in a 2018 iOS beta. Apple revealed the beta might have been accidentally shipped with intact function name symbols related to the kernel cache. After fiddling with Apple's code, Beer stumbled upon the AWDL, the primary technology that powers Sidecar, AirDrop, and other tentpole connectivity functions. Beer said that with the iOS Wi-Fi exploit, hackers can immediately perform a zero-click attack and remote access your iPhone.
Using the AWDL flaw, Beer designed an iOS Wi-Fi exploit and built a zero-click attack platform consisting of two Wi-Fi adapters and a Raspberry Pi 4B adapter. "AWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity. With specialist equipment, the radio range can be hundreds of meters or more," according to Beer's post on Twitter. He also explained that part of the exploit includes forcing Apple's AWDL to go active even if it was switched off. With such an exploit, it is possible for a drone flying over a mass gathering of people to collect private information from unsuspecting users.
While AWDL is a "great" technology that paves the way for "ground-breaking" peer-to-peer connection solutions, Beer said that having such a flaw, which results in an iOS Wi-Fi exploit that allows hackers to create zero-click attack platforms to remotely access iPhones without your knowledge, means there is still a need to fine-tune the security of the code. "Unfortunately the quality of the AWDL code was at times fairly poor and seemingly untested," Beer said.
