Using loopholes in AirDrop's underlying protocol, hackers can take control of your iPhone

Friends, have you ever encountered such a thing?

The unsolicited AirDrop "kind reminders" you get on the subway always feel extra "warm", and my reflex is to treat them as a "provocation".

Leaving AirDrop switched on is no trivial matter. In some cases it is practically equivalent to opening your iPhone directly to hackers.

Breaking into an iPhone in two minutes

In as little as two minutes, hackers can exploit loopholes in Apple's AWDL (Apple Wireless Direct Link) protocol to break into an iPhone.

▲ Ian Beer, a security researcher at Google's Project Zero, demonstrates how to take control of an iPhone over the air

From there, hackers have full access to your iPhone: they can read emails and other sensitive information at will, download the photos on the phone, and may even listen in on and watch users through the iPhone's microphone and camera.

What is disturbing is that the protocol vulnerability affects almost every product in the Apple ecosystem that implements AWDL. Once a hacker has compromised your iPhone, your other Apple devices will have a hard time escaping either.

The above is not sensationalism; it is what Ian Beer, a security researcher at Google Project Zero, disclosed.

Fortunately, Apple closed this loophole with a system update back in May of this year, and Ian Beer also pointed out that the attack requires the attacker to be within Wi-Fi range of the user's device.

Back in 2016, the Citizen Lab at the Munk School of Global Affairs in Toronto published a detailed research report on its discovery of Apple 0-day vulnerabilities, which it named the "Trident" vulnerabilities. As long as an iPhone user clicked a link sent by the hacker, the device could be taken over.

Compared with the click-a-link attacks of a few years ago, breaking into an iPhone now takes considerably more effort.

How do hackers break into an iPhone?

In 2014, Apple introduced the AWDL (Apple Wireless Direct Link) protocol. AirPlay, AirDrop and Sidecar on Apple devices all rely on it; it is the "core" that lets devices in the Apple ecosystem communicate with each other.

It is precisely by exploiting loopholes in the AWDL protocol that hackers break into the iPhone.

AWDL is activated via Bluetooth. When a user switches on Bluetooth, the AWDL interface of every Apple device nearby is activated, and a hacker can then steal user information through loopholes in the protocol.

▲ Breaking into the iPhone over the air. Picture from: Ian Beer

Many users turn Bluetooth off once they are done with it, but that does not stop hackers: they can force AWDL on by other means.

Since the wireless chip can only operate on one channel at a time, AWDL uses frequency hopping: in different time slots it switches between the working channel of the en0 interface and the working channel of the awdl0 interface. In addition, every time the awdl0 interface is activated it uses a freshly generated random MAC address.
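To make the behaviour of the awdl0 interface described above tangible, here is an added example (not code from the original article, and not Ian Beer's): a small Python script that parses macOS `ifconfig` output, reports whether awdl0 is up and which MAC address it currently carries, checks that the address is a locally administered (randomised) one, and compares two snapshots to confirm the address changed between activations. The `ifconfig` snippets embedded below are constructed sample output in the macOS format; the MAC addresses in them are made up.

```python
"""Report the state of the awdl0 interface from ifconfig-style output.

Added example, not part of the original article. On a real Mac you would
feed it the output of `ifconfig` (e.g. via subprocess); here the three
snapshots are constructed sample text so the script runs offline.
"""
import re

# Constructed sample: Wi-Fi (en0) up, awdl0 active with a random MAC.
SNAPSHOT_1 = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 3c:22:fb:aa:bb:cc
    status: active
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
    ether 6a:4d:1b:10:20:30
    status: active
"""

# Constructed sample: the same machine after awdl0 was re-activated,
# now carrying a different random MAC.
SNAPSHOT_2 = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 3c:22:fb:aa:bb:cc
    status: active
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
    ether 2e:9f:00:44:55:66
    status: active
"""

# Constructed sample: awdl0 present but not up.
SNAPSHOT_DOWN = """\
awdl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1484
    ether 0a:11:22:33:44:55
    status: inactive
"""

IFACE_HEADER = re.compile(r"^(\w+): flags=[0-9a-f]+<([^>]*)>")
ETHER_LINE = re.compile(r"^\s+ether ([0-9a-f]{2}(?::[0-9a-f]{2}){5})")
STATUS_LINE = re.compile(r"^\s+status: (\w+)")


def parse_ifconfig(text):
    """Return {iface: {"flags": set, "ether": str|None, "status": str|None}}."""
    interfaces = {}
    current = None
    for line in text.splitlines():
        m = IFACE_HEADER.match(line)
        if m:
            current = m.group(1)
            interfaces[current] = {
                "flags": set(m.group(2).split(",")),
                "ether": None,
                "status": None,
            }
            continue
        if current is None:
            continue  # indented line before any interface header
        m = ETHER_LINE.match(line)
        if m:
            interfaces[current]["ether"] = m.group(1)
            continue
        m = STATUS_LINE.match(line)
        if m:
            interfaces[current]["status"] = m.group(1)
    return interfaces


def awdl_state(text):
    """Return (is_active, mac) for awdl0; (False, None) if the interface is absent."""
    iface = parse_ifconfig(text).get("awdl0")
    if iface is None:
        return False, None
    active = ("UP" in iface["flags"] and "RUNNING" in iface["flags"]
              and iface["status"] == "active")
    return active, iface["ether"]


def is_locally_administered(mac):
    """Randomised MACs set the locally-administered bit (bit 1 of the first octet)."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def mac_rotated(snapshot_before, snapshot_after):
    """True if awdl0 carries a different MAC in the second snapshot than in the first."""
    _, before = awdl_state(snapshot_before)
    _, after = awdl_state(snapshot_after)
    return before is not None and after is not None and before != after


if __name__ == "__main__":
    for label, snap in (("snapshot 1", SNAPSHOT_1), ("snapshot 2", SNAPSHOT_2),
                        ("down", SNAPSHOT_DOWN)):
        active, mac = awdl_state(snap)
        print(f"{label}: awdl0 {'ACTIVE' if active else 'inactive'}, mac={mac}, "
              f"locally administered={is_locally_administered(mac)}")
    print("MAC rotated between snapshot 1 and 2:", mac_rotated(SNAPSHOT_1, SNAPSHOT_2))
```

The en0 address in the samples has the locally-administered bit clear, as a burned-in address would, while both awdl0 addresses have it set; on a real machine, seeing awdl0 report `status: active` while you are not using AirDrop, AirPlay or Sidecar is the observable sign that the interface has been brought up.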

Ian Beer, a security researcher at Google Project Zero, used a remote arbitrary memory read/write primitive to activate the AWDL interface. Once it was active, a buffer overflow in AWDL let him gain access to the device and run an implant as the root user. Within seconds of the implant starting, it has read and write access to the device's memory.

▲ The iPhone has been taken over, but nothing shows on the main screen. Picture from: Ian Beer

With read and write access to memory, an attack program can be implanted into the device, which is practically equivalent to controlling the user's device in the background. Reading information, exfiltrating it and downloading photos are all possible.

Most importantly, the attack happens in the background, without the user's knowledge.

There is no evidence that this vulnerability has been illegally exploited by hackers; that is probably the only thing to be thankful for.

Vigilance toward "smart devices" is indispensable

While smart devices provide convenience, they also bring the risk of leaking private information. And precisely because they are so close to us and so convenient, the impact of a leak of user information is all the more serious.

For example, many people put smart cameras in their homes. As a result, vulnerabilities in smart cameras have been exploited on a large scale by hackers: private videos of many users have been circulated, and there is even a grey market where people pay to watch live surveillance feeds.

If a mobile phone is hacked, the consequences can only be more serious than in the smart camera incidents.

Let's first take a look at what components a mobile phone contains.

If a mobile phone is hacked, in extreme cases it can become a portable surveillance device, and the kind you buy and maintain at your own expense…

This is why I have repeatedly reminded my friends not to point the cameras of smart devices at private family scenes. In theory, any smart hardware that can connect to the Internet has vulnerabilities; whether there is a risk depends only on whether a vulnerability has been discovered and exploited by hackers.

It is just like Microsoft's operating system: after so many years of updates and upgrades, new vulnerabilities are still being discovered. Old holes get patched, new ones may appear, and code that is not a vulnerability today may become one as technology develops. Anything is possible.

▲ More updates. Picture from: osde8info (Flickr)

Therefore, no matter how secure a hardware vendor claims its system is, we need to treat the device as smart hardware that may have vulnerabilities, and protect ourselves as much as possible through "physical measures".

Keep good habits to avoid device intrusion

It is unrealistic to live entirely without smart devices, but we can keep some good habits to minimize the risk of our devices being "hacked".

1. Add physical protection to the device

For example, on laptops and similar equipment the microphone and camera are not used often. You can cover them with black tape and uncover them only when you need them. Online shopping platforms also sell sliding camera covers, which are much more convenient and better-looking than black tape.

▲ Even Zuckerberg taped over his laptop's camera and microphone

2. Disable microphone and camera permissions in private spaces

For example, some smart speakers have microphones and cameras. When one is placed in the bedroom, it is best to disable those permissions. If you must place a smart camera in a private space, buy one with a physical privacy shutter and close the shutter whenever you are not using the camera.

3. Turn off functions you are not using

It is best to turn off functions such as Bluetooth or AirDrop when you are done using them, to make it harder for the device to be "hacked".

A Bluetooth speaker I bought a while ago needs no pairing code; any device can connect to it directly. Someone (perhaps a neighbour) accidentally connected and played some strange sounds. If a speaker like that had a microphone, the consequences would be disastrous if someone turned the microphone on after connecting.

4. Don't hand your smart devices to strangers for long periods

Ms. Zhang in Suzhou suspected her husband of having an affair, so she bought monitoring software and installed it on his mobile phone. Unexpectedly, her husband noticed the phone behaving abnormally and went straight to the police, who caught Zou, the person making and selling the software.

Some malicious software cannot be removed even by restoring factory settings. The best prevention is not to hand your device to strangers for long periods.

Panic at the mention of vulnerabilities? No need

I once watched a TV show in which a hacker cracked four fingerprint door locks in just a few minutes, and the audience exclaimed, "I no longer dare to use fingerprint locks; ordinary mechanical locks are safer after all."

In fact, there is a saying circulating on the Internet: the more vulnerabilities top hackers find in a product or system, the more secure it is.

Isn't it counter-intuitive?

That is the fact. The measure of a product's or system's security has never been the number of vulnerabilities, but how hard those vulnerabilities are to exploit. The greater the difficulty, the greater the potential reward, and the more people are attracted to dig for further vulnerabilities.

▲ The bounty price for iPhone bugs is as high as 1.5 million US dollars. Picture from: Xie Yao (Zhihu)

It is just like locks: cracking an ordinary mechanical lock is far easier than cracking a fingerprint lock, while the payoff from the two is about the same. The latter demands far more knowledge and skill than the former, and a person who can crack a fingerprint lock can do more profitable things with that skill.

For ordinary people, vigilance is indispensable, but there is no need to go to extremes. Compared with having a device hacked, it is more practical to pay attention to "personal privacy leaked by the apps you use every day".


Ai Faner | Original link