The flaw was fixed as CVE-2020-3843 in iOS 13.1.1/MacOS 10.15.3 in January of this year, said Beer. This exploit just uses a Raspberry Pi and two off-the-shelf WiFi adaptors for a total cost under $100.” While AWDL is enabled by default, Beer also found a way to remotely enable it even if it was off, utilizing the same attack.īeer reported the vulnerability to Apple a year ago, almost to the day. With specialist equipment the radio range can be hundreds of meters or more. “AWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity.
Cmd hacking into any wifi series#
In a series of tweets, Beer also explained that the range and distance of the attacks could be extended using readily available equipment:
Cmd hacking into any wifi pro#
Beer described it as “a fairly trivial buffer overflow programming error in C++ code in the kernel parsing untrusted data, exposed to remote attackers.” He also went on to add that the whole exploit uses just a single memory corruption vulnerability, which he exploited to compromise a flagship iPhone 11 Pro device.īeer also shared a video demonstrating the attack: The flaw resides in the Apple Wireless Direct Link (AWDL) protocol, which is used for peer-to-peer network communications between iOS devices and powers features like AirDrop or SideCar. Beer, however, added that there was no evidence to suggest that the vulnerability was ever exploited in the wild.
The vulnerability was wormable for good measure, hence any attacks exploiting it could have spread from device to device with no need for user interaction. The exploit allowed him to access all the data stored on the device, including photos, emails, private messages, Keychain passwords, as well as monitor everything happening on the device in real time. In a blog post of no fewer than 30,000 words, Google Project Zero researcher Ian Beer described how, over a six-month period, he created a radio-proximity exploit that would grant him total control over an iPhone in his vicinity.
However, details about the flaw, which was fixed months ago, were sparse until now. Using a zero-click exploit, an attacker could have taken complete control of any iPhone within Wi-Fi range in secondsĮarlier this year, Apple patched a severe security loophole in an iOS feature that could have allowed attackers to remotely gain complete control over any iPhone within Wi-Fi range.