A newly discovered iOS vulnerability allowed hackers to gain access over nearby Apple devices using a proprietary Apple wireless mesh networking protocol called AWDL.
Ian Beer, a Google Project Zero security researcher, has revealed that several Apple iPhones and other iOS devices until May, were vulnerable to an exploit that could let hackers remotely reboot and take complete control of their iOS devices from a distance.
The AWDL scheme also enables remote access to photos, emails, messages, real-time device monitoring, and even potentially watching and listening to you through the iPhone’s microphone and camera.
The Project Zero blog posted a video which shows a technical breakdown where Beer reveals the exploit mechanism in a 2018 iOS beta that accidentally shipped with intact function name symbols tied to the kernel cache.
After digging around in Apple’s code, he found AWDL, a cornerstone technology that powers AirDrop, Sidecar and other connectivity features.
The researcher engineered then made an exploit and crafted an attack platform consisting of a Raspberry Pi 4B and two Wi-Fi adapters.
Beer further explained by Tweeting “AWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity. With specialist equipment the radio range can be hundreds of meters or more,”. Forcing AWDL to activate if it was switched off is part of the exploit.
AWDL is a “neat” technology that makes way for “revolutionary” peer-to-peer connectivity solutions, but notes that “having such a large and privileged attack surface reachable by anyone means the security of that code is paramount, and unfortunately the quality of the AWDL code was at times fairly poor and seemingly untested.” says Beer
It took six months of process to develop but when Ian was done he was enable to hack any iPhone that was in radio proximity.
Below is a video of the exploit in action. The victim’s iPhone 11 Pro is in a room that’s separated from the attacker by a closed door.