Most iPhone hacks require some degree of user interaction.
Nobody is going to hack your iPhone just by being near it without your knowledge. They need to send you a suspicious email with a rogue link in it with the hope that you’ll click on it.
They will send a malicious message disguised as one from a loved one in the hopes that you’ll follow directions. Or somehow trick you into downloading an app on your iPhone that they can use to gain access.
The list goes on and on.
However, security researchers discovered a recent vulnerability that has proved this is not always the case.
In fact, one particularly nasty exploit that was discovered by Google’s Project Zero team revealed that the AWDL protocol could have been used to steal data from any iPhone – even ones that were up to 300 feet away!
Breaking Down This Particularly Nasty iPhone Hack
Before we go on, it’s important to be clear on a few things. For starters, finding the exploit in question with regards to the AWDL protocol was not particularly easy.
Security researcher Ian Beer said it took a significant amount of time and he was only able to devote that much attention to the matter due to the extra time he had on his hands with the COVID-19 lockdowns. Therefore, it’s unlikely that anyone “in the real world” has actually made use of this hacking opportunity.
Likewise, once it was discovered, Apple immediately fixed the issue in May of 2020 – meaning that so long as your iPhone is updated to the latest version of the operating system, this isn’t actually a problem any longer.
Having said that, the hack itself works because that AWDL protocol not only allows other iPhones to create peer-to-peer mesh networks, but it also enables users to enjoy features like AirDrop and AirPlay. What do those two features have in common?
They let you access data remotely.
Essentially, the hack works by way of the delivery of an implant that requires the hacker to be within 300 feet of the victim for about two minutes. Once that payload had been delivered, the hacker could then remotely reboot the iPhone and have access to everything – from photos to messages and other user data.
Now again, to be clear, almost immediately after this vulnerability was discovered it was patched by Apple and it’s no longer something that anyone with an updated iPhone needs to worry about.
If nothing else, it’s also an interesting reminder of how fragile modern technology really is, and what can happen if someone who knows what they’re doing suddenly has far too much time on their hands.
Leave a Reply