A hack to be aware of – a Google Project Zero researcher has highlighted an exploit that, until May, allowed a variety of iOS devices to be remotely rebooted and fully controlled from a distance… including email, messages, photos, and even using the microphone and the camera.
According to researcher Ian Beer, using Apple Wireless Direct Link, which creates mesh networks for features like AirDrop and Sidecar, one could force AWDL on even if off, and then exploit that connectivity. Working alone… he did it in six months.
Apple did not dispute the exploit, and noted it was fixed in May 2020
Why do we care?
The researcher’s point was that while one person alone might take a long time, against teams, this is entirely different. One of those “security mantras” was always that protecting physical access to devices was an absolute. Well, with wireless, that’s not true.
So we care because of that – if you’re thinking about protection on devices, you have to factor in physical access… and now distance and wireless… as well.
Source: The Verge