Scary Zero-Click iPhone Exploit With Silent Remote Access Disclosed By Google Project Zero Researcher
In May of this year, Apple patched a silent but deadly exploit that went after iPhones using specially crafted wireless payloads. This exploit is a simple memory corruption attack that allows any malicious person to do whatever they want to an iPhone: be it collecting data such as images and messages, or shutting down the device entirely. First unveiled on Tuesday, the exploit is spectacular to watch and learn about over the course of the 30,000-word writeup.
This exploit was discovered by Ian Beer of Google’s Project Zero earlier this year. As he was locked away at home due to the COVID-19 pandemic, he used his time to create a “wormable radio-proximity exploit” which lets anyone “gain complete control over any iPhone in [the] vicinity.” This works by taking advantage of AWDL, which is Apple’s proprietary networking protocol that drives services like AirDrop on nearly all Apple devices. In essence, a C++ coding error allows a buffer overflow, a form of memory corruption, that lets untrusted data sent over the AWDL protocol be handled by the device's kernel or root.
Over six months of tinkering with the exploit, Beer managed to create a few exploits, such as launching programs remotely or shutting off a group of iPhones, as seen above. However, the most impressive implementation of the exploit is the remote access of an image on an iPhone 11 without any user interaction or indication of an attack. You can see how this works in the five-minute video below, and it is frankly concerning.
Even though this exploit is now patched, the takeaway from this project, as Beer writes, is that “one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into close contact with.” If Beer were working with a malicious team of people, the possibilities could be endless. Moreover, more resources would extend the reach: as Beer writes, “with directional antennas, higher transmission powers and sensitive receivers the range of such attacks can be considerable.” Ultimately, this exploit is another one knocked down, but who knows what else lies in the millions of lines of code Apple uses. A dangerous exploit could be hiding in any code, and it can bring down even the most secure-seeming devices we have today.