IPhone zero-click Wi-Fi exploit: One of the most breathtaking hacks

  • Thread starter Thread starter jedishrfu
  • Start date Start date
  • Tags Tags
    Iphone
AI Thread Summary
A recently patched iPhone vulnerability allowed attackers to exploit a memory corruption bug in the iOS kernel, granting remote access to devices over Wi-Fi without any user interaction. This zero-click exploit, developed by Google’s Project Zero researcher Ian Beer, could spread between nearby devices, making it particularly dangerous. In a detailed 30,000-word analysis, Beer showcased a proof-of-concept that demonstrated the exploit on an iPhone 11 Pro, allowing an attacker to access personal data like emails and photos. The exploit utilized the AWDL interface to execute a buffer overflow, enabling root access to the device. This incident underscores the critical need for robust security measures in mobile devices.
jedishrfu
Mentor
Insights Author
Messages
15,463
Reaction score
10,175
TL;DR Summary
Before Apple patch, Wi-Fi packets could steal photos. No interaction needed. Over the air.
https://arstechnica.com/gadgets/202...t-is-one-of-the-most-breathtaking-hacks-ever/

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed.

This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research arm. In a 30,000-word post published on Tuesday afternoon, Beer described the vulnerability and the proof-of-concept exploit he spent six months developing single-handedly. Almost immediately, fellow security researchers took notice.
 
  • Wow
  • Sad
  • Like
Likes anorlunda, pbuk, sysprog and 2 others
Computer science news on Phys.org
Why repeat the sensationalist headline?
 
Ask not why but why not.
 
  • Like
Likes davenn
pbuk said:
Why repeat the sensationalist headline?
As @jedishrfu said, "ask . . . why not" ##-## it seems sensational enough ##-## from the cited 30,000-word post:
Ian Beer said:

This demo shows the attacker successfully exploiting a victim iPhone 11 Pro device located in a different room through a closed door. The victim is using the Youtube app. The attacker forces the AWDL interface to activate then successfully exploits the AWDL buffer overflow to gain access to the device and run an implant as root. The implant has full access to the user's personal data, including emails, photos, messages, keychain and so on. The attacker demonstrates this by stealing the most recently taken photo. Delivery of the implant takes around two minutes, but with more engineering investment there's no reason this prototype couldn't be optimized to deliver the implant in a handful of seconds.
 
  • Like
Likes nsaspook

Thread 'Google DeepMind, AI/ML and ALPHA-fold'

I came across a video regarding the use of AI/ML to work through complex datasets to determine complicated protein structures. It is a promising and beneficial use of AI/ML. AlphaFold - The Most Useful Thing AI Has Ever Done https://www.ebi.ac.uk/training/online/courses/alphafold/an-introductory-guide-to-its-strengths-and-limitations/what-is-alphafold/ https://en.wikipedia.org/wiki/AlphaFold https://deepmind.google/about/ Edit/update: The AlphaFold article in Nature John Jumper...
View full post »
Thread 'Urgent: Physically repair - or bypass - power button on Asus laptop'

Thread 'Urgent: Physically repair - or bypass - power button on Asus laptop'

Asus Vivobook S14 flip. The power button is wrecked. Unable to turn it on AT ALL. We can get into how and why it got wrecked later, but suffice to say a kitchen knife was involved: These buttons do want to NOT come off, not like other lappies, where they can snap in and out. And they sure don't go back on. So, in the absence of a longer-term solution that might involve a replacement, is there any way I can activate the power button, like with a paperclip or wire or something? It looks...
View full post »

Hot Threads

Recent Insights

Back
Top