Your iPhones are vulnerable to hacking due to Airdrop vulnerability

iPhone/iPad running on iOS 8.x can be taken over by hackers using Airdrop and other vulnerabilities

Apple devices running iOS 8 and below are susceptible to a critical vulnerability that allows hackers within Bluetooth range to wirelessly hijack the iPhone/iPad. The vulnerability, which coupled with other flaws can be used by hackers to install almost any malicious app, was discovered by Australian security researcher and consultant Mark Dowd.

The attack allows a potential hacker to install malicious apps on iPhones and Macs via their Bluetooth-enabled Airdrop filesharing feature. Anyone in range of a target device with the feature enabled could plant malware on the phone or PC, even if the victim didn’t tap “accept” for the offered file.

“It doesn’t matter if they reject it or accept it, the vulnerability is already triggered by the time they can react to it,” says Dowd.

Dowd said that Apple had patched the vulnerability in its latest OS release, iOS 9, and has advised all iPhone/iPad owners to update their devices to iOS 9 immediately.

Proof-of-Concept video

Dowd’s PoC takes advantage of not only the Airdrop bug in iOS but also a vulnerability that allows corporations to install their own custom apps on Apple’s otherwise tightly restricted operating system. The hacker can use this very vulnerability to install any unapproved and malicious app after sending it through the Airdrop filesharing feature.

Dowd’s PoC works on iPhones/iPads that haven’t been jailbroken and can even disable the pop-up prompt that asks the iPhone owner whether he/she trusts the program’s author. After gaining access, the attacker would then wait until the iPhone next rebooted and begin implanting malware.

Dowd says that a potential hacker could silently scout for iPhone users with Airdrop enabled within Bluetooth range, say in a crowded place like a train or mall, and start planting malicious programs on their phones or Macbooks. An attacker who got hands-on time with the victim’s iPhone could alternatively use the attack as a lockscreen bypass.

Mitigation

Dowd stated that Apple has already released a security update for both the Macbook and iPhone, and those users who have updated to the latest version (iOS 9) are safe from the attack. However, those iPhone users who don’t want to upgrade their devices should alternatively disable Airdrop or their computer’s Bluetooth feature altogether. They also need to disable access to Control Center from the phone’s lockscreen.
