Do you own an iPhone?

If so, although you may not know the name, you owe Ian Beer your thanks.

Recently, he discovered an absolutely devastating iPhone hack that allowed attackers to take complete control over a target device from a distance with absolutely no action required on the part of an unsuspecting victim.

In virtually every phone hack out there, some user action is required. Hackers use social engineering tricks to get their victims to tap a link, open a file, grant permissions, or something similar, and then abuse those permissions once they have them. This attack is different. A hacker can take control with no action on the part of the unsuspecting user and do pretty much anything they want with the device.

A remote reboot can leave everything to the hacker

At the heart of the vulnerability is AWDL, which is the protocol Apple uses that allows Mac, iPhones, and other devices to create a peer-to-peer mesh network, which in turn, enables features like AirPlay and AirDrop.

Without getting into the technical details, the essence of the attack is that a hacker can remotely reboot your phone and take control when they come back online, having full access to your photos, messages, and all of your user data.

If there's a silver lining in all of this, it lies in the fact that Apple has already patched the exploit. In fact, it was patched back in May 2020, but if it's been a while since you've updated your device, you might be vulnerable.

Our perspective

Given the fact that this is an obscure, technical exploit, it's not terribly surprising that there's no evidence of it ever having been used in the wild. However, the fact that it exists at all, and that there are undoubtedly unpatched devices out there that are vulnerable to it, is terrifying. Make sure your iPhone is up to date and at the very least, you'll be able to take this off of your list of things to worry about.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

 

By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can find us on LinkedIn, Facebook, and Twitter.

I am also a published author and speaker in cloud computing, work at home, and cybersecurity. I am working extensively with business and professional associations to provide small business technology education programs. Contact me if you would like me to speak at your association