Flaw allowed iPhone hacking remotely through wi-fi

Ian Beer demonstrated the hack in a YouTube video

Researchers have revealed a flaw that allowed Apple iPhones to be hacked from afar without the owner doing anything.

Usually, smartphone hacks rely on user error to gain control, such as the owner clicking on a suspicious link, opening a message or downloading a malicious app.

But Google Project Zero researcher Ian Beer has revealed how attackers could steal emails, photos, messages - and even access the camera and microphone.

Apple fixed the issue in May, and all up-to-date devices are secure.

Download photos

The hack was possible because Apple's devices use a technology called Apple Wireless Direct Link.

This uses wi-fi to allow users to send files and photos over Apple's AirDrop technology and easily share screens with other iOS devices.

Mr Beer exploited this network to show how hackers could gain access to a device from a distance.

In a blog post, he explained how he was able to complete the hack, which he spent six months investigating.

'Rich pickings'

He found no evidence the vulnerability had been "exploited in the wild", although he said some people tweeted when the bug was fixed in May.

"As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target," he said.

Apple has not yet responded to a BBC News request for comment.

Prof Daniel Dresner, cyber security expert at the University of Manchester, said the lack of known exploitation was reassuring, as were the quick reactions of those involved in detection and remediation.

"It's significant given how new services could be exploited, as devices become more connected," he said.

"As phones seem to be the pivot point of always-on online living, they are rich pickings for finding these vulnerabilities to exploit."

"This showed you didn't have to be very close at all to the phone to hack it," Prof Alan Woodward, from the University of Surrey, said.

"It's a very simple hack. You don't even really have to understand what's going on inside the device to be able to remove a considerable amount of data from it."

Location data

Last year, Mr Beer revealed a "sustained effort" to hack iPhones, using booby-trapped websites, said to have been visited thousands of times per week.

Once on an iPhone, the implant could access an enormous amount of data, including (though not limited to) contacts, images and global-positioning-system (GPS) location data, and relay it to an external server every 60 seconds.

In response, Apple accused Google of fear-mongering, as the investigation had been published six months after it had fixed the issues.

However, it is common practice for responsible security researchers not to publish their findings until after a company has been given the chance to fix a flaw.


Their research said a bug in the Mail app had made devices susceptible to sophisticated attacks.

At the time, an Apple representative told Reuters news agency a fix would be included in upcoming software updates.

Google's Android devices have also previously had vulnerabilities revealed.

Anyone using an Android phone released in 2012 or earlier should be especially concerned, it said.