Recently, a researcher from Google's IT security team exploited a security flaw that allowed him to certainly hack iPhone through AirDrop.
The vulnerability discussed here regarding a protocol used by Apple to link devices running on iOS to its AirDrop. The discovery of Google researchers has made it possible to access files in iPhones thanks to this security flaw
This article will also interest you: Unlock an iPhone without Apple: the FBI has succeeded this bet
The professional behind this discovery is part of Google's Project Zero initiative. The team of cyber professionals tasked with tracking security vulnerabilities through electronic devices. His name is Ian Beer. In reality it is not a security flaw regarding AirDrop, but several vulnerabilities affecting the AWDL (Apple Wireless Direct Link) protocol, a protocol used by Apple to create a mesh network for certain tasks such as AirDrop which serves particularly as file sharing between Apple devices or Sidecar between the iPad and the Mac for screen sharing.
According to the Project Zero researcher, the fault properly exploiting can allow you to read emails and correspondences from iOS users. It would even be possible to take control of the camera, the miro and the iPhone. But this is rare and difficult to put into practice. Cases of figures that highlight facts present in our television fictions.
In addition, it should be clarified that Apple has acknowledged the existence of its security vulnerabilities. According to the Cupertino firm, the vulnerabilities discussed here have already been resolved in recent versions of iOS.
Even after the manual shutdown of the AWDL protocol, Google's researcher in an interview with the online media, The Verge, claimed to have managed to find a way to force the activation of the same protocol. According to the latter, there is "no evidence that these faults have been exploited in the wild." He also notes that the discovery of these security vulnerabilities, as well as their verification and operation, took him nearly 6 months of study. Therefore, these are discoveries that should not be overlooked by Apple.
"The outcome of this experience should not be: no one will spend six months of their life hacking my phone, I'm fine. On the contrary, it should be: a person, working alone in his room, has been able to acquire a capacity that would allow him to seriously compromise the iPhone users with whom he is in contact," said Ian Beer
Apple, for its part, has acknowledged that it has done enough to fix the security flaws. The U.S. company says it has repeatedly mentioned the names of Google researchers in these notes. The security patches have reportedly been deployed since May. And that the majority of iPhone users already migrated to new versions of iOS that are protected from vulnerabilities stated by the Google researcher. As if to mitigate the seriousness of Ian Beer's comments, the Cupertino firm says that to succeed in the attack as demonstrated by the latter, the attacker must be within the wifi of the target iPhones. This in a way makes it difficult to execute such a hacker for a hacker.
Now access an unlimited number of passwords: