KEY POINTS

  • Apple's iPhones are some of the best smartphones around
  • Despite this, researchers still discover some flaws
  • One particular flaw can allow remote access to the iPhone and its content

A security researcher discovered a major security flaw that allows people with the know-how, equipment and malicious intent to gain remote access to a nearby iPhone, view all of the data in the device and even steal it – all without the owner knowing.

Noted Google Project Zero research Ian Beer, a known security researcher who works with companies to fix serious flaws, recently published a lengthy blog entry explaining how it is possible for someone to gain access to an iPhone from a safe distance, such as from the other side of the street.

The blog entry, “Project Zero: An iOS zero-click radio proximity exploit odyssey,” is highly technical in nature and uses jargon that won’t be easy for the average consumer to understand, but in a cinch, here’s what Beer had to say.

“I believe it's still quite possible for a motivated attacker with just one vulnerability to build a sufficiently powerful weird machine to completely, remotely compromise top-of-the-range iPhones,” he wrote.

“The takeaway from this project should not be: ‘no one will spend six months of their life just to hack my phone, I'm fine’,” he added.

The expert explained that iPhone owners should be aware that “one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into close contact with.’”

iphone-12
This year's iPhones have finally been revealed. SlashGear

What did he do?

Beer explained that he was able to discover a flaw that existed in the iPhone 11 Pro Max, Apple’s previous flagship. He said he was scrolling through an iOS beta build released in 2018 and found an interesting detail that merited his attention.

The particular detail in question had the acronym “AWDL” in it, which stands for “Apple Wireless Direct Link.” This item was used by Apple’s wireless file-transfer feature, AirDrop.

From there, Beer tried to look into what he could do with the vulnerability he discovered. He later found out that it would allow him to do many things, such as “view all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.”

Beer said he did this by himself within a period of six months while quarantining at home due to the COVID-19 pandemic. He had no equipment save for a MacBook, iPhones and other small gadgets.

He also shared a video to demonstrate what his contraption can do, which can be viewed below.

For those who are worried that someone will do these to their iPhones, there's no need to fret. Beer said he has already reached out to Apple about the flaw and worked with the company to fix it.