No need to panic, but until a few months ago, your iPhone or iPad could be hacked by a passing stranger.

There was a flaw in the Apple Wireless Direct Link (AWDL) protocol under which AirDrop works that allowed someone with the right (cheap) equipment to break into your iPhone, steal your personal data, and install malware. (The flaw did not appear to affect Macs.)

Worse, once your iPhone was infected, it could spread to other iPhones and iPads nearby, and soon your friends and family would be infected as well.

Turning off AirDrop, Bluetooth, and Wi-Fi on your iPhone has no effect. This attack can turn AWDL back on even if the iPhone is locked.

This is a "wormable wireless proximity exploit that can take complete control of any iPhone in your vicinity," Ian Beer, a fairly well-known researcher on Google's Project Zero bug research team, wrote in a blog post yesterday (December 1) He wrote.

Beer said, "You can view all your photos, read all your emails, copy all your private messages, and monitor everything that happens there [on the iPhone] in real time."

As long as your iPhone is patched up to iOS 13.5 or iOS 12.4.7 or higher, released in May 2020, you need not worry about this. An Apple spokesperson confirmed this to Tom's Guide.

We did not have time to read through Beer's 30,000-word blog post detailing his investigation, but this is perhaps the most serious security flaw affecting Apple's mobile operating system, and Beer revealed in 2019 that the longstanding state Suffice it to say, it's even bigger than the sponsored iPhone hacking campaign.

"If you've ever used AirDrop, streamed music to a Homepod or Apple TV via Airplay, or used an iPad as a secondary display in Sidecar, you're using AWDL," Beer writes." And even if you weren't using those features, if people nearby were using them, it's quite possible that your device joined the AWDL mesh network they were using"

.

This is not the first time AirDrop and AWDL have been shown to be insecure; in mid-2019, German researchers found that AirDrop and AWDL open Macs and iPhones to all kinds of wireless attacks. In fact, warnings about AirDrop vulnerabilities date back several years.

However, no study was as in-depth as Beer's. In this five-minute demonstration, he shows that a laptop with a Raspberry Pi minicomputer and a few Wi-Fi dongles connected to it can hack into an iPhone in another room (presumably Beer's apartment).

"The entire exploit uses just one memory corruption vulnerability to compromise the flagship device, the iPhone 11 Pro," Beale wrote." This one issue alone allowed me to remotely execute native code and gain read and write access to kernel memory, defeating all mitigations."[25

Beer spent six months on this task, but warns that this should not be a reason to take this hack lightly.

"What you get out of this project shouldn't be: no one spends six months of their life just to hack my phone. Rather, it's that one person, working alone in his bedroom, was able to build a feature that could seriously compromise an iPhone user with whom he had grown close."

Imagine how quickly a team of well-funded professionals working for a national intelligence agency could have developed the same exploit. Our best bet might be to assume that they developed it.