Ian Beer, a member of Google’s Project Zero hacking team, revealed on Monday that iPhones and other Apple devices could be remotely hijacked and turned into surveillance tools until May, when he said Apple patched the vulnerability. The hacker not only didn’t have to touch the device, but need not ever even see it.
Using the iPhone’s Apple Wireless Direct Link, an Apple-exclusive protocol that enables iOS devices to talk to each other in features like AirDrop and Sidecar, Beer was able to remotely hijack the iPhone.
From a distance, he was able to read messages, page through photos, download data, and even watch and listen to the user by activating the phone’s microphone and camera. Even if the user turned AWDL off, he was able to turn it back on.
While Beer’s hack took six months and he claims to have “no evidence that these issues were exploited in the wild,” he urged caution regarding the exploit, suggesting it was the wrong response to assume “no one will spend six months of their life just to hack my phone, I’m fine.”
Instead, [the response] should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.
In a Project Zero blog post detailing the hack, Beer suggests that the use of directional antennas and other transmission-boosting technology could significantly expand the range of such an attack, and pointed out that while it had taken him six months to work through the vulnerability, he was just a single person, while there are entire companies and military divisions with teams of specialists who’d make short work of such a hack.
Given the seriousness of the vulnerability, it’s not clear why Apple never bothered to tell its customers, even after supposedly patching the exploit with a series of security updates back in May. The tech giant has not denied the exploits existed – Beer was even credited in the update documentation.
Thanks to the delay, however, users who halted automatic updates out of concern for the Covid-19 contact-tracing platform Apple integrated into recent versions of their operating system have missed their chance to download the patch for the exploit. While Beer stated that the vulnerability was fixed shortly before the contact tracing platform went live, it’s no longer possible to download the pre-contact-tracing update – meaning privacy-conscious iPhone users are now forced to choose between leaving this backdoor wide open or throwing open the front door.
Apple’s sketchy record on privacy has put the company in the hot seat again over the last few weeks. A group of European privacy activists filed a complaint against the tech giant last month over its “Identifier for Advertisers” tracking code, which allows not just Apple but third parties to track users’ behavior. The group, called NOYB (None of Your Business) has accused Apple of violating European privacy laws, since the consumer is not asked for consent before the tracking begins.
Like this story? Share it with a friend!