Soldato
New iPhone hack
- Thread starter something daft already!!
- Start date
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,707
Right but Apple responded and said if you have the latest update you won't be susceptible to this hack. Unless you have an old device that is no longer supported.
Commissario
Yeah, it's not that new and it's been patched since iOS 13.5.
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,707
It is disturbing though. For someone to find this sort of issue isn't good. It means anyone lower than a 6S will get this issue. Not good!
For something as bad as this I think Apple should be forced to patch up their old phones because of security. This is a big thing if data can be stolen.
For something as bad as this I think Apple should be forced to patch up their old phones because of security. This is a big thing if data can be stolen.
Commissario
I can't read the original article because *adblock* and the only video I could see was a forced restart. What are the actual implications? If I have to leave my phone somewhere within what will be a very short range transmitter for someone to get access then I wouldn't be that bothered.
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,707
Soldato
short version: code can be run outside the sandbox to gain full access to data.
From the horse’s mouth (original blog)
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
Soldato
Was reading about this earlier over on The Reg (https://www.theregister.com/2020/12/03/apple_wireless_bug/); pretty "cool" and interesting, and ultimately serious, exploit that essentially gains you user data access within WiFi range (although mentions it could be "wormable").
Arguably it is a pretty serious issue if you cannot update to iOS 13.5/13.6 but Apple aren't alone (most of tech industry is the same) in dumping support for "old" hardware, so i would be surprised if they back-ported the fix to previous versions.
Arguably it is a pretty serious issue if you cannot update to iOS 13.5/13.6 but Apple aren't alone (most of tech industry is the same) in dumping support for "old" hardware, so i would be surprised if they back-ported the fix to previous versions.
Last edited:
Commissario
Access gained through Airdrop and brute force? Switch off Airdrop!
Permabanned
- Joined
- 9 Aug 2008
- Posts
- 35,707
Commissario
Switching it to Contacts Only won't help - The video showed that he'd created 100 random contacts and then brute forced it. On any device older than iOS 13.5, the only way to stop this is to switch off Airdrop.
Not that I expect that anyone will be compromised by this in the wild, ever.
Not that I expect that anyone will be compromised by this in the wild, ever.
Soldato
The author does mention he didn't think it was in the wild but did mention that Azimuth may have already known about this vulnerability, or certainly were looking into it, so it's entirely possible that it was being used.
Plus with 1.5 billion active iOS devices, i suspect there's still a fair few <13.5 devices being used, and the exploit now in the open, many bad actors will try their luck.
For privacy and security of users, i do think there needs to be more noise created about vulnerabilities like this (across all manufacturers/devices) especially if mitigating it is as simple as disabling a feature.
Plus it helps disbanded security myths people have of certain products.