iPhone hack could let people take control of Apple devices without even touching them
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.iPhones and other Apple devices were open to a hack that would allow somebody to take control of them from a distance, a researcher has found.
The issue has now been fixed and there is no evidence that it was ever used, but until March of this year it would have been theoretically possible to gain almost complete access to a device using the hack, according to Google researcher Ian Beer.
He found that an attacker would potentially be able to read private messages, look through photos and even spy on the phone's owner through its camera and microphone.
The hack relied on a technology called Apple Wireless Direct Link, which is used to allow the company's devices to speak to each other and power features like AirDrop, which allows for files to easily be exchanged between users and their devices.
Mr Beer said that he had found a way not only to exploit that protocol, but also to turn it on if it had been switched off, meaning that even devices that were nominally protected against the exploit could have been affected by it.
That meant that someone using the attack would be able to break into the phone without ever actually getting near it. And the attack was also “workable”, meaning that it could spread from one phone to another.
In a long blog post outlining the problem, Mr Beer noted that the attack had taken him six months to work on, through early 2020. But he said that he had done so on his own, and hoped that the discovery of the exploit would serve as a warning that various bad actors are constantly trying to find ways into devices.
Apple has not officially acknowledged Mr Beer’s exploit, but it did mention his work in a system update that arrived in May, and appeared to fix the problem. That update noted that “a remote attacker may be able to cause unexpected system termination or corrupt kernel memory” and that it had been fixed by iOS 14.2.7 and simultaneous updates for its other operating systems.
Most active Apple users have likely updated to those newer versions of the operating system, meaning that many devices should be protected against the hack.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments