Sunday, December 6, 2020

Google discovers vulnerability in iPhone that lets hackers steal data

Google has discovered a vulnerability in iPhones that might allow the hackers to engage in data stealing activity, say an expert working on the prestigious Project Zero. Ian Beer is the researcher in discussion who exploited an Apple Wireless Direct Link (AWDL) Protocol that allows data steal from iPhone and live- spying through the targeted device’s camera or microphone.

Mr. Beer says that it took six months for him to develop a Wormable Radio Proximity Exploit that allows a hacker to gain full control of an iPhone when in vicinity. However, the susceptibility is only highlighted when the device is within the Wi-Fi’s range.

Technically, AWDL allows a hacker to use a mesh networking protocol that enables AirDrop to send files to each other and this is where Beer has discovered an exploit in this arrangement that Apple Inc’s addresses as an already fixed flaw under CVE-2020-3843 file repository of June 2020.

Beer says that there is a high probability that the exploit dubbed as ‘Fairly Trivial Buffer Overflow programming error in C++ code in kernel parsing untrusted data’, could have been used by others by now as it has been existing since ‘May’ this year.

Ian claims that he just used a Raspberry Pi and a Wi-Fi adapter to launch an attack on an iPhone withing two minutes and that allowed him to steal sensitive information such as emails, photos, messages and audio recording details from an iPhone 11 Pro

The post Google discovers vulnerability in iPhone that lets hackers steal data appeared first on Cybersecurity Insiders.


December 07, 2020 at 09:40AM

0 comments:

Post a Comment