iPhone zero-click Wi-Fi exploit: One of the most breathtaking hacks

  • Thread starter: jedishrfu
  • Tags: iPhone
SUMMARY

The iPhone zero-click Wi-Fi exploit, found by Ian Beer of Google's Project Zero, targets a memory-corruption bug in the iOS kernel that gives an attacker remote access to a device without any user interaction. The exploit, demonstrated against an iPhone 11 Pro, uses a buffer overflow in the AWDL (Apple Wireless Direct Link) interface to deliver an implant running as root, with access to personal data including emails, photos, messages and the keychain. It is particularly alarming because it is wormable: a compromised device can attack other devices in radio range. Apple has since patched the vulnerability, which underlines the importance of installing updates promptly.
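The summary above says only that the bug was a buffer overflow in the AWDL interface and gives no detail of the vulnerable code. As an added example (not Beer's proof of concept and not Apple's driver code), here is the bug class in miniature: a hypothetical TLV parser for a "peer list" element that checks the attacker-supplied length against the received packet, so it never reads out of bounds, but not against the fixed-size kernel structure it copies into, beside a hardened version that bounds the copy by the destination as well. The element layout, the struct and the function names are invented for this illustration, and the frame bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical peer-list TLV: [type:1][len:1][len bytes of 6-byte addresses].
 * The layout and names are made up for this example; they are not AWDL's real format. */
#define PEER_TLV_TYPE 0x01
#define MAX_PEERS     4

struct peer_state {
    uint8_t addrs[MAX_PEERS * 6]; /* fixed-size buffer the parser fills (24 bytes) */
    uint8_t n_addrs;
    uint8_t is_master;            /* hypothetical flag that sits right after the buffer */
    uint8_t spill[256];           /* constructed slack so the demo overflow stays inside this struct */
};

/* Vulnerable pattern: len is checked against the packet (no out-of-bounds read)
 * but never against the destination, so a crafted frame overwrites whatever follows addrs. */
int parse_peers_unchecked(const uint8_t *tlv, size_t tlv_len, struct peer_state *st)
{
    if (tlv_len < 2 || tlv[0] != PEER_TLV_TYPE)
        return -1;
    size_t len = tlv[1];
    if (tlv_len < 2 + len)            /* guards the source only */
        return -1;
    memcpy(st->addrs, tlv + 2, len);  /* BUG: len may exceed sizeof(st->addrs) */
    st->n_addrs = (uint8_t)(len / 6);
    return 0;
}

/* Hardened version: every attacker-controlled length is bounded by the destination too,
 * and the element must be well-formed (a whole number of addresses). */
int parse_peers_checked(const uint8_t *tlv, size_t tlv_len, struct peer_state *st)
{
    if (tlv_len < 2 || tlv[0] != PEER_TLV_TYPE)
        return -1;
    size_t len = tlv[1];
    if (tlv_len < 2 + len)
        return -1;
    if (len > sizeof(st->addrs) || len % 6 != 0)
        return -1;
    memcpy(st->addrs, tlv + 2, len);
    st->n_addrs = (uint8_t)(len / 6);
    return 0;
}

/* Constructs a frame: type byte, length byte, then len bytes of fill.
 * out must hold at least 2 + len bytes; returns the frame size. */
size_t build_peer_tlv(uint8_t *out, uint8_t len, uint8_t fill)
{
    out[0] = PEER_TLV_TYPE;
    out[1] = len;
    memset(out + 2, fill, len);
    return 2 + (size_t)len;
}

/* Runs one constructed frame through the given parser against a zeroed peer_state.
 * Returns -1 if the parser rejected the frame, otherwise the is_master byte afterwards,
 * which should still be 0 unless the copy ran past addrs. */
int flag_after_parse(int (*parser)(const uint8_t *, size_t, struct peer_state *),
                     uint8_t len, uint8_t fill)
{
    uint8_t frame[2 + 255];
    size_t n = build_peer_tlv(frame, len, fill);
    struct peer_state st;
    memset(&st, 0, sizeof st);
    if (parser(frame, n, &st) != 0)
        return -1;
    return st.is_master;
}

int main(void)
{
    /* 30 bytes of payload: 6 more than addrs can hold, so the unchecked copy
     * lands on n_addrs and is_master. */
    printf("unchecked, len=30: is_master=0x%02x (0x41 means overwritten)\n",
           flag_after_parse(parse_peers_unchecked, 30, 0x41));
    printf("checked,   len=30: %d (-1 means rejected)\n",
           flag_after_parse(parse_peers_checked, 30, 0x41));
    printf("checked,   len=12: is_master=0x%02x (valid two-peer frame, untouched)\n",
           flag_after_parse(parse_peers_checked, 12, 0x41));
    return 0;
}
```

The point of the two parsers side by side is that the vulnerable one is not careless about bounds in general: it rejects truncated packets. The missing check is the one against the fixed-size destination, which is the check to look for when auditing any frame or TLV parser that copies a length-prefixed field into a kernel structure.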

PREREQUISITES
  • Understanding of iOS kernel architecture
  • Familiarity with buffer overflow vulnerabilities
  • Knowledge of Wi-Fi Direct and AWDL protocols
  • Experience with exploit development and proof-of-concept testing
NEXT STEPS
  • Research iOS kernel security mechanisms and patch management
  • Learn about buffer overflow prevention techniques in software development
  • Explore Wi-Fi Direct and its implications for device security
  • Study exploit development methodologies and tools used in vulnerability research
USEFUL FOR

Security researchers, iOS developers, cybersecurity professionals, and anyone interested in mobile device security and exploit mitigation strategies.

TL;DR
Before Apple patch, Wi-Fi packets could steal photos. No interaction needed. Over the air.
https://arstechnica.com/gadgets/202...t-is-one-of-the-most-breathtaking-hacks-ever/

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed.

This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research arm. In a 30,000-word post published on Tuesday afternoon, Beer described the vulnerability and the proof-of-concept exploit he spent six months developing single-handedly. Almost immediately, fellow security researchers took notice.
 
Why repeat the sensationalist headline?
 
pbuk said:
Why repeat the sensationalist headline?
As @jedishrfu said, "ask . . . why not" - it seems sensational enough - from the cited 30,000-word post:
Ian Beer said:

This demo shows the attacker successfully exploiting a victim iPhone 11 Pro device located in a different room through a closed door. The victim is using the Youtube app. The attacker forces the AWDL interface to activate then successfully exploits the AWDL buffer overflow to gain access to the device and run an implant as root. The implant has full access to the user's personal data, including emails, photos, messages, keychain and so on. The attacker demonstrates this by stealing the most recently taken photo. Delivery of the implant takes around two minutes, but with more engineering investment there's no reason this prototype couldn't be optimized to deliver the implant in a handful of seconds.
 