“Apple Wireless Direct Link (AWDL) is a key protocol in Apple’s ecosystem used by over one billion iOS and macOS devices for device-to-device communications. AWDL is a proprietary extension of the IEEE 802.11 (Wi-Fi) standard and integrates with Bluetooth Low Energy (BLE) for providing services such as Apple AirDrop.”

src: https://www.usenix.org/conference/usenixsecurity19/presentation/stute

“In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30’000 words I’ll cover the entire process to go from this basic demo to successfully exploiting this vulnerability in order to run arbitrary code on any nearby iOS device and steal all the user data”

src: https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html

this is pretty impressive but also scary.

A lot of those “make wifi easier to use” (like WPS) proof to be security problems.

Links:

https://www.offensivecon.org/

https://www.valuewalk.com/2019/02/ian-beer-releases-ios-12-12-1-2-exploit-perhaps-for-jailbreak-use/

https://www.heise.de/mac-and-i/meldung/Dateidiebstahl-und-mehr-Problematische-Luecken-in-Apples-AirDrop-Technik-4424245.html

admin