Apple iPhone became a device used by consumers but also by Small and Large Corporations.
Recently, Ian Beer discovered an iPhone hack that allowed attackers to take complete control over a target device from a distance with absolutely no action required on the part of an unsuspecting victim.
In virtually every phone hack out there, some user action is required. Hackers use social engineering tricks to get their victims to tap a link, open a file, grant permissions, or something similar, and then abuse those permissions once they have them. This attack is different. A hacker can take control with no action on the part of the unsuspecting user and do pretty much anything they want with the device.
At the heart of the vulnerability is AWDL, which is the protocol Apple uses that allows Mac, iPhones and other devices to create a peer-to-peer mesh network, which in turn, enables features like AirPlay and AirDrop.
Without getting into the technical details, the essence of the attack is that a hacker can remotely reboot your phone and take control when they come back online, having full access to your photos, messages and all of your user data.
If there’s a silver lining in all of this, it lies in the fact that Apple has already patched the exploit. In fact, it was patched back in May, 2020, but if it’s been a while since you’ve updated your device, you might be vulnerable.
Given the fact that this is an obscure, technical exploit, it’s not terribly surprising that there’s no evidence of it ever having been used in the wild. However, the fact that it exists at all, and that there are undoubtedly unpatched devices out there that are vulnerable to it, is terrifying. Make sure you control through your Mobile Device Manager (MDM) what iPhone’s are up to date and at the very least, you’ll be able to take this off of your list of things to worry about.