Do you own an iPhone? If yes, beware, as it is possible for hackers to gain access to an iPhone through a Wi-Fi connection, warns a security expert.
According to Marco Grassi, the Senior Security Researcher of Keen Lab of Tencent, the hack is known as “remotely compromising iOS via Wi-Fi and escaping the Sandbox” that demonstrates how an iOS device can be remotely exploited by just joining a Wi-Fi network and using it to bypass the iOS Sandbox.
“The victim will only have to join the Wi-Fi network, and then the device will be compromised without any user interaction, bypassing all iOS mitigations and sandboxes,” reads a blurb of Grassi’s presentation for the Black Hat Asia hacking conference.
Although Grassi has refused to provide any details on how the idea of hack originated or its working, he is expected to reveal the information on his hacking idea at a 50-minute briefing at the Roselle Junior Ballroom in Marina Bay, Singapore on Thursday.
The sandbox is designed with the aim to prevent malicious activity on the device by stopping apps from accessing or making any changes to the files.
“We will disclose a chain of several vulnerabilities, leading to arbitrary code execution outside of the iOS sandbox and show that the device can be compromised in different ways in the post-exploitation phase,” the blurb added.
Apparently, Apple had already fixed the bugs for its iPhone users with the release of iOS 10.2 update in December, reports Forbes. The issue has been made public only in February though. Those users who have not upgraded their OS to the latest iOS update are requested to do so at the earliest to fix the bugs.
The issue existed in the WebSheet component of iOS that is used when iPhone owners connect to public Wi-Fi networks that require them to go through a login portal, wrote Apple in its explainer notes. Apple was reportedly not doing enough proof checks to stop malicious code from running when that WebSheet was loaded.
“A sandbox escape issue was addressed through additional restrictions,” Apple added, acknowledging Grassi and Trend Micro’s Zero Day Initiative, which rewards researchers for discovering bugs before making it known to tech companies.
Grassi is expected to discuss the possibility of hacking iPhones using Wi-Fi in a talk, which will be held on March 30 at the Black Hat Asia hacking conference.