The iOS vulnerability allowed hackers to control your iPhone within radio proximity using AWDL.
Google’s Project Zero team member and security researcher, Ian Beer, discovered a new iOS vulnerability that allowed attackers to remotely gain access and control of almost any iPhone.
All hackers had to do was be within radio proximity of the device and exploit the AWDL, Apple’s proprietary wireless mesh networking protocol.
Dubbed this year’s most sophisticated iPhone vulnerability, this memory corruption flaw was identified in the iOS kernel. It was a serious flaw because, if exploited, it would give attackers full remote access to the device over the air, without any user interaction.
Moreover, it was a wormable exploit: because it works over radio proximity, it can spread from one compromised device to any other device within radio range, again without user interaction.
AWDL is a cornerstone technology designed to power Sidecar, AirDrop, and other similar tentpole connectivity features.
Beer tweeted about the discovery explaining how hackers can manipulate AWDL from a distance of hundreds of meters.
“AWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity. With specialist equipment, the radio range can be hundreds of meters or more,” the tweet read.
The exploit works even when AWDL is switched off, since it involves activating the interface first. Once AWDL is active, the attacker has remote access to sensitive data such as emails, photos and messages, and can monitor the device in real time.
In the latest Project Zero blog post, Beer explained that the flaw was discovered in a 2018 iOS beta which, by mistake, shipped with function name symbols in the kernel cache.
While exploring Apple’s code, Beer found AWDL. He engineered an exploit and built the attack platform using two Wi-Fi adapters and a Raspberry Pi 4B.
The researcher claims that AWDL is a ‘neat’ technology as it offers revolutionary peer-to-peer connectivity features. However, it also provides a “large and privileged attack surface,” which anyone can exploit with the right knowledge and equipment.
“Unfortunately, the quality of the AWDL code was at times fairly poor and seemingly untested,” Beer noted.
It took Beer six months to develop the exploit, but once it was complete he could compromise almost any iPhone within radio proximity. However, there is no evidence that the exploit was ever used in the wild.
The vulnerability was patched in May 2020 with iOS 13.5. Apple’s spokesperson stated that most of its users are using updated software.
The researcher stated that if he becomes eligible for Apple’s bug bounty program, he will donate the prize to charity.