In many Hollywood films (series like Mr. Robot are the big exception), hacking usually works like this: someone taps a little on their laptop or presses a large button on their smartphone and immediately has complete control over the victim's or villain's device. This is nonsense, of course, at least normally.
Now, however, a Google Project Zero security researcher by the name of Ian Beer has discovered and disclosed a weakness, or rather a chain of several holes, that works pretty much like the Hollywood version. Ars Technica describes the method as “the most breathtaking zero-click exploit of all time”.
Beer writes in a blog post that the exploit was possible until May of this year and affected a number of iPhones and other iOS devices. The security researcher found a method with which an attacker could remotely restart an iPhone and gain complete control over it, with access to e-mails, messages and photos as well as the camera and microphone.
Apple Wireless Direct Link
This was made possible by a protocol called Apple Wireless Direct Link (AWDL), which is used to build peer-to-peer mesh networks between Apple devices, for example for AirDrop. Beer found a way to exploit AWDL and even to switch it on remotely if it had previously been turned off.
The good news: according to Beer, there is currently no evidence that this exploit has been used in the wild. One reason is the effort involved: he spent half a year finding, verifying and demonstrating this hack.
Beer warns, however, against taking his hack lightly. One should not, he writes, rely on the assumption that nobody is going to spend six months of their life hacking an iPhone. Rather, one should be aware that “a person who worked alone in the bedroom could develop a skill that would enable them to seriously compromise iPhone users with whom they had come in close contact.”