A now-patched vulnerability allowed scammers to access an iPhone device over WiFi without any action taken on the victim’s side.
Via Ars Technica
A security researcher spent six months developing a proof of concept displaying how an iPhone vulnerability could be exploited via WiFi. By exploiting some of the technology that allows Apple’s Airdrop to work, the security researcher demonstrated that, via this vulnerability, someone could access emails, passwords, texts, and even crypto keys.
What makes this hack most dangerous is the fact that a victim only needs to be in the same area as the hacker (who’s conducting the attack over WiFi). There’s nothing the victim needs to click on, confirm, or open. As long as the device is nearby, the attack can work without ever notifying the victim.
While the vulnerability is fixed, the hack poses the question of how secure iPhone’s really are given that a single security researcher could discover and develop such a dangerous hack. What could entire hacking teams, whether independent or part of a country’s military department, develop?
This vulnerability was fixed in May, which is why it has been publicized. Most vulnerabilities are made public after a fix is released to prevent bad actors from taking advantage of them. If you haven’t updated your iOS device since then, do so now.
In general, you should always keep your devices updated as they’re most often security fixes. If you’re really worried about anyone accessing what’s on your phone, we recommend being careful about what you keep on your phone. Use encrypted and/or password locked tools to keep files and messages secure so that even if someone does have access to your phone, either physically, or remotely, they can’t easily get to your sensitive files.
For more information about this iPhone vulnerability, visit Ars Technica.