A security researcher claimed that a zero-click WiFi exploit is one of the most notorious iPhone hacks right now. This iOS flaw, he said, enables cybercriminals to control and access nearby iPhones through AWDL, a proprietary Apple wireless mesh networking protocol.
According to Apple Insider's latest report, Ian Beer, a member of Google's Project Zero team, explained that the newly discovered scheme allows hackers to access photos, messages, and emails, and to monitor the device in real time.
Apple patched this vulnerability because it gives hackers remote access to the entire device. What makes it more dangerous is that it only needs a WiFi connection and doesn't require any user interaction.
Beer spent six months developing the exploit
Ars Technica reported that it took Beer six months to single-handedly develop the new exploit. He described the vulnerability and the proof-of-concept exploit in a 30,000-word post he published on Tuesday, Nov. 1.
Because of its severity, many security researchers immediately took notice. "This is a fantastic piece of work," said Chris Evans, Project Zero's founder, executive, and semi-retired researcher, via Ars Technica.
"It really is pretty serious. The fact you don't have to really interact with your phone for this to be set off on you is really quite scary," he added.
Evans explained that a hacker can use WiFi to introduce worms into a user's device, even if it is in their pocket.
How the zero-click WiFi exploit works
The exploit works by triggering a buffer overflow in a driver for AWDL. Because drivers run in the iPhone's kernel, an extremely privileged part of any smartphone system, the flaw could lead to serious attacks.
What's alarming is that the zero-click WiFi exploit works over the air, making it more difficult for users to notice the attack. Beer said that a hacker can use this exploit to acquire sensitive user data without getting detected.
This article is owned by TechTimes.
Written by: Giuliano de Leon.