“Apple Wireless Direct Link (AWDL) is a key protocol in Apple’s ecosystem used by over one billion iOS and macOS devices for device-to-device communications. AWDL is a proprietary extension of the IEEE 802.11 (Wi-Fi) standard and integrates with Bluetooth Low Energy (BLE) for providing services such as Apple AirDrop.”

src: https://www.usenix.org/conference/usenixsecurity19/presentation/stute

“In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30’000 words I’ll cover the entire process to go from this basic demo to successfully exploiting this vulnerability in order to run arbitrary code on any nearby iOS device and steal all the user data”

src: https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html

this is pretty impressive but also scary.

A lot of those “make wifi easier to use” (like WPS) proof to be security problems.

Links:

https://www.offensivecon.org/

https://www.valuewalk.com/2019/02/ian-beer-releases-ios-12-12-1-2-exploit-perhaps-for-jailbreak-use/

https://www.heise.de/mac-and-i/meldung/Dateidiebstahl-und-mehr-Problematische-Luecken-in-Apples-AirDrop-Technik-4424245.html

liked this article?

  • only together we can create a truly free world
  • plz support dwaves to keep it up & running!
  • (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
  • really really hate advertisement
  • contribute: whenever a solution was found, blog about it for others to find!
  • talk about, recommend & link to this blog and articles
  • thanks to all who contribute!
admin