iPhone Zero-Click Wi-Fi Exploit is One of the Most Breathtaking Hacks Ever
upstart writes in with an IRC submission for Teckla:
iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever:
Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device-over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable-meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed.
This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google's vulnerability research arm. In a 30,000-word post published on Tuesday afternoon, Beer described the vulnerability and the proof-of-concept exploit he spent six months developing single-handedly.
[...] Beer's attack worked by exploiting a buffer overflow bug in a driver for AWDL, an Apple-proprietary mesh networking protocol that makes things like Airdrop work. Because drivers reside in the kernel-one of the most privileged parts of any operating system-the AWDL flaw had the potential for serious hacks. And because AWDL parses Wi-Fi packets, exploits can be transmitted over the air, with no indication that anything is amiss.
[...] Beer developed several different exploits. The most advanced one installs an implant that has full access to the user's personal data, including emails, photos, messages, and passwords and crypto keys stored in the keychain. The attack uses a laptop, a Raspberry Pi, and some off-the-shelf Wi-Fi adapters. It takes about two minutes to install the prototype implant, but Beer said that with more work a better written exploit could deliver it in a "handful of seconds."
Any Soylentils remember the Morris worm?
[N.B. "NOTE: This specific issue was fixed before the launch of Privacy-Preserving Contact Tracing in iOS 13.5 in May 2020." - googleprojectzero.blogspot.com]
Read more of this story at SoylentNews.