During the bubonic plague in the 16th century, William Shakespeare wrote King Lear. This year, enduring months of COVID-19 quarantine, I played at least 200 hours of Death Stranding, Breath of the Wild, and Call of Duty: Warzone combined.
Meanwhile, Ian Beer, one of the best hackers on the planet, found a way to hack and take full control of any nearby iPhone with what many in the security industry believe is one of the most impressive iPhone hacks ever.
“For 6 months of 2020, while locked down in the corner of my bedroom surrounded by my lovely, screaming children, I’ve been working on a magic spell of my own,” Beer, who works for the Google elite hacking team Project Zero, wrote in a blog post. “No, sadly not an incantation to convince the kids to sleep in until 9am every morning, but instead a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.”
Beer developed a technique to deliver the exploit over WiFi that requires no user interaction at all and doesn’t even need the target to be connected to the internet. In other words, if your iPhone was in range of someone with this capability, they could take it over without you clicking on a dodgy link or doing anything else. What’s worse, Beer’s exploit could have been made into a worm, meaning it could propagate to nearby iPhones automatically, spreading exponentially, kind of like—if you’ll allow me the cringey metaphor—a cyber coronavirus.
Chris Evans, Project Zero’s original team leader, wrote that “there’s something hauntingly beautiful watching all these iPhones die at slightly different times, as they get a WiFi broadcast packet of death.”
And there truly is: just take a look at the demonstration videos (a short clip and a longer version) that Beer made himself to showcase how his exploit works.
Dan Goodin, one of the most experienced cybersecurity reporters on the planet, called it “one of the most breathtaking iPhone vulnerabilities ever.”
The bugs that Beer found to develop this exploit chain have all been patched since iOS 13.5, released in May of this year. But as Beer wrote in his post, the takeaway here should be that “one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they’d come into close contact with.”
Besides being spectacular, this vulnerability could have real-world applications. According to a cybersecurity expert who goes by Ray Redacted, it’s possible “this exploit could be used to unlock like 90 percent of the phones currently in custody at police departments across the USA,” since many of those devices run older versions of iOS that still contain the bugs Beer found.
Of course, developing something like this takes time, and incredible expertise. But Beer showed that with just a Raspberry Pi, off-the-shelf WiFi adaptors that cost a total of $100, and a few lines of code, he could have hacked anyone within a few meters.
Beer challenged Apple, once again, to qualify the bugs he found for the company’s bug bounty. Beer wrote on Twitter that these bugs could’ve been worth $500,000, and he’d love for Apple to donate the money to a charity.
Congratulations to Beer for his future Pwnie Award.