Google Uncovers iPhone Exploit That Can Steal Data Over Wi-Fi

Apple likes to talk a big game when it comes to security on the iPhone, but it’s as vulnerable as any other company to unforeseen bugs. Sometimes, these bugs are minor and easy to fix with public disclosure. Other times, the bugs are a threat to user data and need to be patched in secret. That’s the case for a recent update that fixed a major Wi-Fi exploit. According to Ian Beer of Google’s Project Zero security team, the flaw allowed him to steal photos from any iPhone just by pointing a Wi-Fi antenna at it.

According to Beer, he discovered the flaw earlier this year and spent six months developing an exploit around it. The attack uses a buffer overflow bug in AWDL, which is Apple’s custom mesh networking protocol that allows iPhones, iPads, Apple Watches, and Macs to form ad-hoc wireless connections. This is a core part of the iOS and macOS software stack, so exploiting it gave Beer access to all the phone’s data.

Beer posted a full rundown of the hack on the Project Zero blog, which he can do because the flaw was reported to Apple early in 2020, allowing the iPhone maker to roll out patches in May to block the attack. The write-up is exhaustively detailed, clocking in at 30,000 words. There’s also a video demo below, which won’t take quite so long to digest.

The attack utilizes a Raspberry Pi and off-the-shelf Wi-Fi adapters. It took some time to find the right combination of hardware. Beer notes he wanted to send poisoned AWDL packets over common 5GHz Wi-Fi channels, and not all antennas would allow him to do that. He also had to create a network stack driver that could interface with Apple’s software, and then learn how to turn the core buffer overflow bug into a “controllable heap corruption.” That’s what gave him control of the device.

As you can see in the video, the entire thing happens remotely without any interaction from the user. It takes a few minutes to break into the phone, but he’s able to successfully retrieve a photo from the device. Depending on the strength of the Wi-Fi antenna, Beer says this same attack could work from a great distance.

It might be tempting to say any attack that takes six months to develop and 30,000 words to fully explain is not a real threat, but Beer points out he did this alone. If a single engineer can create an exploit in six months that compromises sensitive data on billions of phones, that is a problem. Thankfully, this bug is fixed. It’s the next one we have to worry about.
