- Google Project Zero researcher Ian Beer discovered a massive flaw in Apple security, recently publishing his findings.
- The defect, fixed in iOS 13.5, existed for years, leaving iPhone users exposed to nearby attackers gaining complete access to the data on their device.
- According to Beer, although no known exploits of this flaw have occurred, hacking groups with greater resources may have found the vulnerability and remained silent.
- Beer believes that the latest iPhone models are still vulnerable to hackers using a “weird machine” to exploit simple security flaws.
iOS AWDL Vulnerability
Apple Wireless Direct Link (AWDL) is a proprietary technology for connecting Apple devices over wireless networks. Without AWDL, features such as AirDrop and AirPlay would cease to function. AWDL creates a temporary “mesh” network, connecting Apple devices for short-term tasks.
Unfortunately, a mere coding mistake left Apple’s wireless implementation wide open. Using a buffer overflow attack, Ian Beer was able to take full control of iPhones using a laptop, a Raspberry Pi, and off-the-shelf WiFi adapters.
AWDL’s design enables hackers to gain extensive control of devices. The Application Processor parses AWDL frames within the kernel, the most privileged part of the operating system, so a memory-corruption bug in that parsing code is a bug in the core of the system itself. By design, then, compromising AWDL gives hackers complete control of the device.
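The class of defect described above, as an added illustration that is not Apple’s code or the actual AWDL frame format: a hypothetical kernel-side parser for a length-prefixed record, showing the missing bounds checks that turn an attacker-controlled length byte into a buffer overflow, beside the corrected form. All names, the record layout and the 32-byte capacity are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size kernel buffer that a received record is copied into.
 * Constructed for this example; not Apple's structure. */
#define RECORD_CAP 32

struct record {
    uint8_t data[RECORD_CAP];
    size_t  len;
};

/* Vulnerable pattern: the length byte in the frame is trusted as-is.
 * Instead of performing the unchecked memcpy, this returns how many bytes the
 * naive code would write past the end of record.data (0 = no overflow), so the
 * defect can be measured without corrupting memory. */
size_t overflow_bytes(const uint8_t *frame, size_t frame_len) {
    if (frame_len < 2) return 0;
    size_t claimed = frame[1];                 /* attacker-controlled, never validated */
    return claimed > RECORD_CAP ? claimed - RECORD_CAP : 0;
}

/* Hardened parser: validates the claimed length against the destination
 * capacity and against the bytes actually present before copying anything.
 * Returns 0 on success, -1 if the frame is rejected. */
int parse_record(const uint8_t *frame, size_t frame_len, struct record *out) {
    if (frame == NULL || out == NULL || frame_len < 2) return -1;
    size_t claimed = frame[1];
    if (claimed > RECORD_CAP) return -1;       /* would overflow out->data */
    if (claimed > frame_len - 2) return -1;    /* would read past the frame */
    memcpy(out->data, frame + 2, claimed);
    out->len = claimed;
    return 0;
}
```

A record claiming 200 bytes is rejected by parse_record, while overflow_bytes shows the naive copy would have written 168 bytes past the buffer.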
Beer’s attempt to hack into the iPhone took six months, and he’s an experienced cybersecurity expert. Teams of hackers from black hat groups, governments, or other entities may have also found this or other vulnerabilities.
Apple Fixed the Vulnerability in iOS 13.5
Beer submitted his findings to Apple long before making them public, enabling the company to patch its software. Although there have been no known exploits of the vulnerability, malicious actors may have launched undetected attacks around the flaw.
Apple patched the vulnerability in iOS 13.5 by improving memory management. Release notes issued by the iPhone maker minimize the defect’s impact:
“Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory”
Apple doesn’t inform users that, by corrupting kernel memory, an attacker can push objects into this memory space and ultimately control the device. This is a severe defect, minimized by Apple’s euphemistic content management. The company has gone so far as to separate security issues from the release notes, marginalizing them for all but the curious.
Beer Warns “Weird Machines” Can Find Vulnerabilities in Newest iPhone Models
Although Apple fixed the security flaw, it’s best not to put faith in the company’s privacy promises. Apple’s business model is to sell devices and services. The company is not known to actively spy on customers for the sake of advertising or sales conversions. However, Apple engaged in other activities diminishing user privacy beyond the AWDL security flaw.
Recently, whistleblowers caught the company outsourcing real-world Siri requests to third-party contractors. After being caught in the act, Apple pledged to stop spying on its customers in this manner.
The iOS clipboard also made iPhones less secure. For some time, popular apps such as Reddit, LinkedIn, and TikTok were accessing the clipboard with every user keystroke, which could be an attempt to intercept private data. It was also recently discovered that iMessages send extraneous location data when users attach photos directly from the Camera Roll. If that’s not enough, hackers can easily compromise Apple’s T2 security chip.
Apple might not be spying on you as part of its business model, but they’ve done it for the sake of quality assurance. Its projection of perfection may fool some into believing Apple products can’t have security flaws due to coding mistakes. Clearly, this happens intermittently.
Beer’s concern is that sophisticated hackers can use “weird machines” to interrogate systems and find security flaws:
“As things stand now in November 2020, I believe it’s still quite possible for a motivated attacker with just one vulnerability to build a sufficiently powerful weird machine to completely, remotely compromise top-of-the-range iPhones. In fact, the parts of that process which are hardest probably aren’t those which you might expect, at least not without an appreciation for weird machines.”
A weird machine is, in essence, the unintended computing capability an attacker obtains by driving a program through a single flaw into states its designer never intended. Programmers design a feature around a finite set of expected states, and a weird machine operates in the states outside that set, typically to turn one vulnerability into control of the system.
Apple Can Improve Security, But Users Must Remain Vigilant
Beer’s work is not only instrumental in finding this specific flaw — it also presents Apple with a way of finding future vulnerabilities. Apple can create weird machines to hammer away at systems, finding unexpected weaknesses that human programmers may not discover. Apple will most likely do this, clandestinely, continuing to keep up appearances of perfection.
In the meantime, people need to realize that there’s no such thing as privacy. Edward Snowden showed the world how vulnerable their devices are, to great peril. Not much has changed. Governments, underground hacking groups, or geeks with large amounts of free time can figure out how to compromise virtually any system.
In the case of the iOS kernel memory flaw, one man could control virtually any proximal iPhone completely, with six months of effort:
“The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I’m fine.
Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.”
In an anarchic world of 7.8 billion people, myriad hackers are trying to find new ways to exploit devices. Some of these are individuals, while others are large teams of security experts. Given the state of digital security, it’s best to avoid storing sensitive information on any digital device, which is almost impossible these days.
If you still haven’t upgraded to iOS 13.5 or later, it’s critical that you do so. Now that the vulnerability is known, hackers can easily exploit devices running older versions of iOS. The flaw, finally disclosed today, was patched by Apple months ago. If you’re one of the few who doesn’t update Apple devices regularly, it’s best to run a software update on your iPhone or iPod touch as soon as possible. iPad users should also apply the fix, as Apple remediated the defect in iPadOS 13.5.