During the lockdown this year, some people enjoyed the extra time to catch up on Netflix movie lists while others got busy creating stuff.
Ian Beer falls in the latter category. Professional Google security researcher, Beer, found bugs that enabled him to hack into nearby iPhones by "simply" using Raspberry Pi and $100 worth of gear.
Beer shared his exploit in a blog post, where he breaks down how he managed his feat — which took him a good six months of work.
It's scary what such impressive hacking skills can do. Beer explained that he created "a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages, and monitor everything which happens on there in real-time."
I think overall ADWL is really neat and the technologies built on it can be revolutionary. For example, AirDrop, which uses AWDL, played a part in the 2019 pro-democracy protests in Hong Kong, where it was used to share information without fear of censorship.— Ian Beer (@i41nbeer) December 1, 2020
All Beer has to do is point his homemade antenna at the iPhones and he had that information. His technique sends an exploit via WiFi and it needs zero user interaction at all. Gone are the days of sending hacks through dodgy links.
So long as the phone is within range of someone with such a contraption, it could be taken over without so much as a touch or any action. Moreover, his exploits were wormable, which means the radio-proximity exploits can spread from one phone to the next without any user interaction, as explained by reputable ArsTechnica cybersecurity reporter, Dan Goodin.
In a short video, Beer displays the prowess of the system as it hijacks 26 iPhones in one go with one single broadcast. It's quite a sight watching so many phones die at different rates right before your eyes.
Beer's also shared a longer video in which he explains how the broadcast functions and how it can spread between iPhones that weren't even initially targeted.
As Beer himself cautions in his blog post, "Imagine the sense of power an attacker with such a capability must feel. As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target."
His creation is a stark reminder of what's possible to achieve in the hacking world.