Warning issued over iPhone WiFi flaw that could allow hackers to take over your phone remotely
IPHONE users have been warned that a WiFi flaw could enable a hacker to access your phone remotely.
According to mobile security specialist ZecOps, this serious and dangerous “zero-click” flaw was silently embedded into the iOS 14.4 software, which when exploited, contributes to the iPhone hack.
Apple has yet to find a solution to this shocking research that appears to assist hackers in remote code execution and local privilege escalation attacks.
“There’s a new WiFi vulnerability in-town. You probably already saw it, but didn’t realize the implication. The recently disclosed ‘non-dangerous’ WiFi bug is potent,” ZecOps CEO Zuk Avraham says.
“While investigating this vulnerability we found another silently patched format-strings vulnerability that allows an attacker to infect an iPhone or iPad running iOS 14.3 or earlier without any interaction with an attacker.”
“This type of attack is known as 0-click (or zero-click). Exploiting this flaw is possible, and the same technique can be applied to the current unpatched WiFi flaw in iOS 14.6," he added.
AVOID STRANGE WIFI NETWORK NAMES
ZecOpts said that a WiFi network with specifically crafted letters in its name (SSID) would have to be joined by the latest version of iOS (14.6) to be considered harmful.
This knowledge will hopefully raise awareness and reduce attacks.
“Our research team was able to construct the network name in a way that does not expose the user to the weird characters, making it look like a legitimate, existing network name,” research by AirEye security analysts revealed.
Despite signs of Apple working on a fix seen in iOS 14.7 betas, Amichai Shulman, AirEye’s CTO insists that these hacks are “new and an as-yet unaddressed threat vector [and] given their stealthy nature, we’re bound to see more such attacks.”
This airborne attack comes as WhatsApp is working on a new feature to fix its encryption security, a new 2021 iPhone is in the works, and Apple’s iOS 15 is creating a feature to stop Facebook and related companies from tracking you, which will be released later this year.
The iPhones running iOS 12 or earlier are not seen to be vulnerable but Avraham advises all other users to turn off the WiFi Auto-Join Feature on iPads and iPhones (Settings > WiFi > Auto-Join Hotspot > Never).
A new iOS 14.7software is in the works, which may be released as early as next week that will hopefully put an end to these attacks.
Source: Read Full Article