[ad_1]
Google has a team that specializes in discovering vulnerabilities across various platforms. The Google Project Zero group, made up of cybersecurity specialists, has discovered a new cyber threat.
Google Project Zero has discovered a vulnerability not only in the Android system. One of the security experts working on the project announced a notable discovery in the form of an iPhone exploit that offers total control of the phone.
Called Ian Beer, the Google expert showed how a vulnerability discovered in the AWDL (Apple Wireless Direct Link) protocol could be used to remotely control the reboot of iPhones, iPads and other iOS devices, taking full control of them, according to Go4it. ro.
As with the phone in hand, the attacker could access emails and other messages, download photos stored in the phone’s memory, and even spy on the owner by activating the microphone and camera.
Normally, the AWDL protocol is used for wireless connection to other iOS devices, facilitating the fast transfer of photos and other files. The technology also helps connect an iPad as a secondary screen for another device, capturing the displayed image in real time.
In other words, Apple has provided hackers with an ideal technology to use to take remote control of iOS devices, and Google has found that
Not only have Google researchers discovered how to take advantage of the AWDL protocol, but also a way to force it to be activated on devices that have disabled it in settings.
So, starting with mere suspicions, it took the researcher six months to find a gateway and then demonstrate how iOS devices can be hijacked via the AWDL protocol. Ian Beer himself says there is no indication that the same exploit was also discovered by someone else, respectively, used in real attacks, according to the same source.
In the meantime, the information communicated directly to Apple made it possible to solve the problem in great secrecy, as the related patches have been available since May.
Apple does not dispute the existence of this enterprise, it even takes up Ian Beer’s descriptions in the documentation attached to the security patches published in May 2020. The company points out that most users already use devices updated with iOS versions that do not include this vulnerability.
At the same time, for the attack to be successful, the initiator would have to be within range of the vulnerable device’s Wi-Fi connection, which excludes the possibility of random attacks.
[ad_2]
Source link