iOS Wi-Fi exploit enables zero-click remote iPhone access without user knowledge

2»

Comments

  • Reply 21 of 28
    Xed said:
    Nifty, but does rely on the phone being “awake” and time for a hash collision to be made - so the idea of a drone flying over users in the crowd scooping up data is not a realistic scenario. 
    The screen has to be awake for this to work? It looked like he used BT via AirDrop which is active regardless of whether the screen is active. 
    When the phone isn’t “awake”, airdrop is disabled.
    watto_cobranetroxjony0
  • Reply 22 of 28
    gatorguygatorguy Posts: 24,176member

    Sarkany said:
    This article was posted hours ago and not a single post from those who would go hell and back to defend Apple’s “impenetrable” security.

    Giving all my thanks to this guy and Google’s team for improving our security.
    Can you specify who those people may be? As a software dev and frequent AI visitor, I've never seen anyone claim any system is impenetrable. Never seen that said, ever. In fact just the opposite is said -- no system is hack-proof. Apple even has events and bounty programs for this purpose. Now, people often say iOS has better security than competing platforms like Android, but you seem to be conflating these two statements. 

    Anyway, it isn't clear to me from the article wither this was patched after the exploit was proven, or before.
    If you go to other articles it's clear the patch was done AFTER the Google researcher reported it to Apple. He just didn't release word of it until Apple had done so. 
    jony0
  • Reply 23 of 28
    netrox said:
    Lame crackers having nothing else to do.

    But thanks. 
    Seriously?
    How about: impressive findings and craftsmanship.
    jony0
  • Reply 24 of 28
    ivanh said:
    that’s why “proprietary” is so dangerous.
    Then can you explain further why "open" Android has had more exploits and vulnerabilities over the years than the closed iOS?
    How are you able to draw these conclusions? What data do you use to base your conclusions on?
    gatorguyrazorpit
  • Reply 25 of 28

    flydog said:
    jrc said:
    This is why I would like a physical on/off button that cuts all power from battery to any/everything. If I choose to use it, and let the implications of cutting off all services... so be it. 

    Nov 98 - earliest AI Forum registration.
    Why would anyone want to see your photos, videos, or emails?  Unless your phone contains the formula to cure cancer or the location of Hoffa's body, no one could care less. 
    It is a dangerous view that rights are resistant to cost/benefit or consequentialist sort of arguments. Here we are rejecting the view that privacy interests are the sorts of things that can be traded for security.

    Surveillance can disproportionately affect certain groups in society based on appearance, ethnicity, sexuality, and religion.

    razorpit
  • Reply 26 of 28

    Regarding this widely published story, I much prefer the properly titles like, “Critical iOS bug could have given hackers complete control of your iPhone over Wi-Fi”

    That title correctly suggests it’s a past exploit that was already patched and it was limited to physical radio proximity.

    If the exploit was current and unpatched, we could have given Mr. Cook and company a proper tongue-lashing.  We still can of course; if Tim was less focused on being a show-runner for his Apple TV and more focused on Apple's core hardware & software biz, maybe there wouldn’t be this security weakness to begin with.  But the fact is, Apple actually did what they should do; instead of ignoring security exploit that are privately disclosed to them as they've been known to do, they actually fixed this one and fairly promptly it seems.

    It’s interesting to me though that the daily dose of Android-related exploits (e.g. Google Play Apps Remain Vulnerable to High-Severity Flaw) don’t get the insane media attention.  With Apple though, we have to sensationalize an already patched exploit that was limited to radio proximity and come up with FUD scenarios like flying a drone over a protest.   

    edited December 2020
  • Reply 27 of 28
    gatorguygatorguy Posts: 24,176member
    markbyrn said:

    It’s interesting to me though that the daily dose of Android-related exploits (e.g. Google Play Apps Remain Vulnerable to High-Severity Flaw) don’t get the insane media attention.  

    Daily dose? Just for fun type " Android more secure than iOS" into your favorite search bar. 

    Anyway, Google patched the flaw you mention months ago on April 6, 2020
    .
    "However, in a report issued Thursday by Check Point researchers warned that the patch still needs to be pushed out by developers for several applications – and potentially still impacts hundreds of millions of Android users.
    “Unlike server-side vulnerabilities, where the vulnerability is patched completely once the patch is applied to the server, for client-side vulnerabilities, each developer needs to grab the latest version of the library and insert it into the application”.

    This is where Google should be doing as Apple probably would in a case like this one: Set a date where apps that do not implement the latest Google Play Core Library will be removed from the Play Store until they comply. The two companies can benefit from each other and have. Mobile OS's are far most secure than our desktops thanks to both company's efforts.
    edited December 2020 muthuk_vanalingam
  • Reply 28 of 28
    Rayz2016Rayz2016 Posts: 6,957member
    markbyrn said:

    Regarding this widely published story, I much prefer the properly titles like, “Critical iOS bug could have given hackers complete control of your iPhone over Wi-Fi”

    That title correctly suggests it’s a past exploit that was already patched and it was limited to physical radio proximity.

    If the exploit was current and unpatched, we could have given Mr. Cook and company a proper tongue-lashing.  We still can of course; if Tim was less focused on being a show-runner for his Apple TV and more focused on Apple's core hardware & software biz, maybe there wouldn’t be this security weakness to begin with.  But the fact is, Apple actually did what they should do; instead of ignoring security exploit that are privately disclosed to them as they've been known to do, they actually fixed this one and fairly promptly it seems.

    It’s interesting to me though that the daily dose of Android-related exploits (e.g. Google Play Apps Remain Vulnerable to High-Severity Flaw) don’t get the insane media attention.  With Apple though, we have to sensationalize an already patched exploit that was limited to radio proximity and come up with FUD scenarios like flying a drone over a protest.   

    I see what you’re saying (couldn’t really miss it since you typed the whole thing in bold), but it’s a matter of expectations: no one expects Android to be secure; everyone demands security from Apple platforms because:
    1. Apple bangs on about it. 
    2. Apple users/developers have restrictions placed on what they can do to maintain security. 

    My argument is the same as yours: this kind of exploit happens because someone took their eye off the ball. 

    edited December 2020
Sign In or Register to comment.