Researchers from the Google Project Zero team have unveiled a new flaw in Apple’s iOS mobile operating system that could allow hackers to gain entry to user’s devices without them knowing, or without them having to take any action.
This means they may be able to access emails, photos, private messages and even silently switch on the camera or microphone, all remotely without ever needing to touch the phone.
Usually, hacks similar to this one would require the phone user to unwittingly take some form of action that compromises the security of their device. This could be something as simple as clicking a link in an email that takes the user to a spoof website, setup by hackers to steal someone’s information.
Luckily for Apple customers the researcher, Ian Beer, has commented that he has not seen evidence of the hack being utilised in the ‘wild’ which can provide some reassurance.
The hack works by exploiting Apple’s Airdrop feature. This is a feature that allows users to quickly transfer media such as photo, video and audio files over the wifi to another Apple device, much faster than would otherwise be possible on normal systems. This is a very popular feature with users and many people stay with Apple for this feature and other proprietary Apple features (such as iMessage).
This comes after another warning by Mr Beer in 2019 discussing a ‘sustained effort’ by hackers to attack iPhones using fake websites, which are reportedly being visited thousands of times per week by potential victims. This was rebuffed by Apple with an accusation of fear-mongering by Google, stating that they had already fixed the issue six months prior.
In terms of protecting against this flaw, Apple updated iOS back in May to protect against this attack and all up to date devices will be safe. It’s not uncommon for reports of flaws such as this to be released after the issue has been fixed, to prevent opportunistic hackers from taking advantage of the information.
As usual, we always recommend keeping your device updated to the latest version released by the manufacturer. This is because new weaknesses are constantly being discovered by manufacturers and are usually fixed in the latest update.