A DANGEROUS software bug allowed hackers to remotely break into people’s iPhones and secretly steal their photos.
The vulnerability, which has been patched by Apple, gave attackers access to the entire device over Wi-Fi without any interaction from the user.
In a blog post published Tuesday, Google researcher Ian Beer highlighted the bug, which he likened to a “magic spell” placed over the device.
The cyber security buff said the exploit he discovered allowed him to “gain complete control over any iPhone in my vicinity.”
He added: “[I could] view all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.”
Ian works at Project Zero, Google’s security research group that tracks down major vulnerabilities in popular gadgets and software.
He came across the iPhone bug earlier this year within the iOS “kernel”, a layer of code that forms the foundations of the operating system.
That means the vulnerability was active for years until Apple patched it in May after Ian got in touch to warn them of the issue.
An attacker would simply need to have been connected to the same Wi-Fi network as you to break into your device unnoticed.
“Imagine the sense of power an attacker with such a capability must feel,” Ian wrote.
“As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target.”
Ian said Apple patched the issue months ago, and most people’s iPhones will have since been updated to fix it.
He said he found no evidence that the exploit was ever used by cyber crooks.
How to stay safe from hackers
- Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats.
- Use multi-factor authentication to reduce the impact of password compromises.
- Tell staff how to report suspected phishing emails, and ensure they feel confident to do so. Investigate their reports promptly and thoroughly.
- Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions.
- Prevent and detect lateral movement in your organisation’s networks.
What’s particularly shocking about the bug is that an iPhone owner would not have had to interact with the phone to fall victim to an attack.
“It really is pretty serious,” founder of Project Zero Chris Evans said in an interview.
“The fact you don’t have to really interact with your phone for this to be set off on you is really quite scary.
“This attack is just you’re walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets.”
Project Zero is dedicated to tracking down so-called “zero day” vulnerabilities.
They are so named because the bug is already live and ready to exploit, giving engineers “zero days” to find a solution.
Zero day exploits are a valuable tool for hackers, hoarded by cyber criminals and intelligence agencies alike.
Teams of security researchers attempt to find and fix them in order to plug the gaping holes in the software and hardware we use every day.