iOS zero-day vulnerability uncovered

iPhone users could have had their devices remotely rebooted and controlled via an iOS exploit, Google’s Project Zero has revealed.

The vulnerability was patched by Apple in May, but a selection of iPhones and iOS units, which includes the iPhone 11, have been susceptible to the vulnerability, said Project Zero security researcher Ian Beer.

The security researcher said the exploit could have permitted hackers to remotely reboot and acquire complete command of a system from a length, enabling them to browse e-mails, messages, down load shots and even access the microphone and digital camera for surveillance purposes.

“AWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity. With specialist equipment the radio range can be hundreds of meters or more,” Beer explained in a tweet. Part of exploit involves forcing AWDL to activate if it was switched off.

The process took six months to develop, but when Beer was done, he could hack any iPhone in radio proximity.

The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I’m fine.

Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.