vulnerability that could have allowed potential hackers to get complete access to a person's
-- everything from viewing photos to monitoring activities in real time -- without the victim ever needing to click on any suspicious links or download
These types of vulnerabilities are considered the biggest threats to companies like Apple. At the Black Hat cybersecurity conference in 2019, Apple started offering $1 million bug bounties for researchers who could present a flaw that didn't require victims to click on anything and gave full access.
In a video, Beer showed how a Raspberry Pi setup with store-bought adapters could steal photos from an untouched iPhone in a different room within five minutes. In another clip, Beer demonstrated how the same vulnerability could let him repeatedly reboot 26 iPhones at the same time.
"Imagine the sense of power an attacker with such a capability must feel," Beer said in his post. "As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target."
A snapshot of user adoption of the latest Apple software from around that time showed that the majority of users were already on current versions of
and thus protected against the issue, Apple said in a statement. "Also, it's good to note that this does require relatively close proximity as it needs to be within WiFi range to work."
Beer said he had spent about six months looking into the security vulnerability. He explained that the weak links came from Apple's proprietary mesh network AWDL, which allows iOS devices to easily connect to each other, like your
linking to your iPhone, for example.
The network didn't have built-in encryption, and Beer was able to exploit a single memory corruption to take over devices as new as the iPhone 11 Pro. He explained that the flaw came from a "fairly trivial buffer overflow programming error in C++ code" that allowed for untrusted data to pass through over Wi-Fi signals.
Typically, vulnerabilities work off each other like pieces of a puzzle -- finding one flaw leads to another until you're able to get the big picture. Getting complete access through a single exploit is part of what makes Beer's discovery so impressive.
Beer said that he hasn't seen any evidence that the flaw was exploited by others before it had been patched, but about 13% of all iPhone users are still vulnerable to this issue. While the flaw has been fixed, Beer noted that it likely won't be the last time an issue like this comes up for Apple -- pointing out that he was able to find this exploit on his own.
"As things stand now in November 2020, I believe it's still quite possible for a motivated attacker with just one vulnerability to build a sufficiently powerful weird machine to completely, remotely compromise top-of-the-range iPhones," Beer said.