A Good News for iPhone Users — Google has saved iPhone users’ data from hackers
Accessing photos, banking passwords, messages, stealing login credentials, and even accessing location information have devastating effects. These passwords could have stored in the system, not scraped as a website was being accessed.
Apple iPhone had a major security vulnerability to allow hackers to run arbitrary code on any nearby iOS device. They can steal all the user data by staying near your iPhone and exploit a vulnerability.
Thankfully, no cases were reported of someone exploiting this vulnerability. Apple launched the patch in iOS 13.5 update. So, if you are using an iOS version above 13.5, you are actually safe. No need to worry!
Initially, Google’s Project Zero team alerted Apple about the security issue because this vulnerability went unnoticed, and hackers could have access to your data by being within the Wi-Fi radius of an iOS device. They can have access without the users to click on any link or perform any task.
Ian Beer of Project Zero explained in a blog post, “With some proper and better engineering hardware, once Apple Wireless Direct Link is enabled, the entire exploit can run in a couple of seconds. There are also better techniques for getting AWDL enabled in the first place rather than the hash brute force. My ultimate aim was to build a compelling demo that can be achieved by one person, with no special resources, and I think I’ve achieved this.”
He also unrevealed the attacker’s entire concept by showing how an attacker can successfully exploit a person’s iPhone 11 Pro placed in a different room through a door closed.
“The victim is using YouTube. The attacker forces the AWDL to activate. He successfully exploits the AWDL buffer overflow to gain access to the device. The implant has complete access to the user’s personal data, including pictures, documents, emails, messages, keychains, etc. The attacker describes this by stealing the most recently taken photo. Delivery of the implant takes just two minutes. Still, with more engineering investment, there’s no reason this prototype couldn’t be optimized
Thus, this disclosure is extraordinary because the malicious websites were in operation for at least two years. Every iPhone running iOS through iOS 12 was vulnerable to attack. So, this means that almost every iPhone was vulnerable that entire time.