A recently discovered security flaw in Apple iPhone devices showed that the devices have been susceptible to remote hacking. A white hat hacker employed by Google as a part of their Project Zero team described in a lengthy blog post how he managed to remotely hack iPhones through WiFi without the need of a user error. All he needed to obtain unauthorized access was to be close to the targeted devices. The issue that made the flaw possible was patched by Apple back in May 2020.
The wormable radio-proximity exploit allowed the white hat hacker to access all the files stored on the targeted devices that include emails, notes, images, location data, etc. What makes these findings particularly remarkable is the fact that users did not have to click on a suspicious link, visit a shady website, or download a malicious map. All potential victims had to do is be close to a person capable of exploiting the security issue. What makes things even worse is that the security fault would also give away access to the camera and microphone of the targeted device.
According to Ian Beer, the Project Zero researcher who discovered the security issue, the bug appears not to have been widely used by cybercriminals. So, it is unlikely someone ever accessed your iPhone files with this particular exploit. However, he pointed out that people started reacting to the news after Apple issued a patch that fixed the vulnerability. Hence, it certainly is an issue that has been exploited beforehand. According to the white hat hacker, regular folks don’t notice a fix like this without a deep interest in this code.
The finding of the security fault has been the longest exploitation project he has ever worked on. According to the cybersecurity expert, it took him approximately six months to discover it. However, he points out that companies and state-sponsored teams might do it much quicker – as often they are not individuals working alone, but groups of trained experts collaborating together, each with their specialization. They also have access to much more robust information sources such as symbols files, leaked source code, and hardware such as special cables, development devices, etc.
Security researchers rarely publish their findings until after a company has been given a chance to take care of the security issue. The fact that the security flaw was fixed back in May, and the masses are learning about this in December, means that the exploit might have been around for a long time before Apple patched it. It has never been more important for smartphone users always to make sure they are running the latest OS on their connected devices and that they have high-end security protection in place.