iPhone Vulnerability Could Have Let Attackers Gain Complete Control Over Wi-Fi: All the Details

Apple acknowledged the issue on its support page and fixed it using improved memory management.

By Jagmeet Singh | Updated: 2 December 2020 16:56 IST

iPhone Vulnerability Could Have Let Attackers Gain Complete Control Over Wi-Fi: All the Details

Apple fixed the issue in iOS 13.5, though iPhone models on a previous version may still be vulnerable

Highlights

iPhone vulnerability was reported by a Project Zero researcher
A proof-of-concept is available to detail the issue
Apple took some time to fix the bug in AWDL to patch the flaw

Apple patched a serious vulnerability earlier this year that could have allowed attackers to gain complete control over any iPhone using Wi-Fi. The vulnerability. that has been fixed since the release of iOS 13.5 in May, was initially reported by a researcher of Google's Project Zero team. It was also noticed by other security researchers. The security flaw existed due to a bug in the iOS kernel that allowed bad actors to gain remote access, without requiring any direct interaction from users.

Known as an unauthenticated kernel memory corruption vulnerability, the issue was reported by Ian Beer of Project Zero. Beer published a 30,000-word blog to detail the vulnerability and provided a proof-of-concept exploit that he built after spending six months.

Although the security researcher developed multiple exploits to understand the flaw, the most advanced one he built was the wormable radio-proximity exploit that allowed him to gain complete control over his iPhone 11 Pro. He was able to deploy the exploit using a laptop, a Raspberry Pi, and some off-the-shelf Wi-Fi adapters.

“View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time,” he said in the post while detailing the scope of the vulnerability.

Beer exploited the buffer overflow bug that existed in a driver for AWDL, which is an Apple-native mesh networking protocol used for enabling features including AirDrop and AirPlay. It had the possibility to give complete access remotely to attackers since the said driver — just like other drivers — exist in the kernel.

“AWDL can be remotely enabled on a locked device using the same attack, as long as it's been unlocked at least once after the phone is powered on. The vulnerability is also wormable; a device which has been successfully exploited could then itself be used to exploit further devices it comes into contact with,” the researcher wrote.

As reported by Ars Technica, Beer's fellow researchers took notice of the flaw that he also demonstrated in a video uploaded on YouTube.

Apple acknowledged the existence of the vulnerability on its security page by saying, “A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.” The company also mentioned that it addressed the issue using improved memory management.

The flaw was fixed with the release of iOS 13.5. However, it is likely that the handsets running on an earlier iOS version could still be exploited.

There are no details on whether the vulnerability was exploited in the wild before it got fixed by Apple. However, Beer noted in his post that at least one exploit seller was aware of the bug in May.

Are iPhone 12 mini, HomePod mini the Perfect Apple Devices for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.