Proof There's Always Some Potential Your Photos Aren't Private
We covered a bit about this hack earlier today – it's the one were a single code invades every iPhone within radio broadcast distance. There's another demonstration video you're going to need to see, too. This video was made by the same security researcher as the last one. This time, he makes the potential for chaos as clear as possible.
This time, Google Project Zero researcher Ian Beer demonstrates the remote theft of a photo from an iPhone. In the video, Beer captures a photo with the iPhone, then opens the YouTube app. The YouTube app isn't part of the hack – it's only opened to demonstrate how the iPhone shows no sign of tampering while the tampering takes place.
The automated attack does not require an internet connection. It does require that the iPhone be connected to some sort of wireless system – in this case it's connected to a wi-fi signal.
Normally a wi-fi network is password protected, so there'd be an additional layer of security between the device and the attacker. Beer suggests that the demonstration bypasses the bit where he'd normally need to break past that first line of wireless connection, but doing so only takes time, and this demonstration is all about the primary hack.
In the hack, the user is able to exploit a kernel bug on the phone, allowing the hacker to upload malware into the phone and grant access to the phone's contents.
If that weren't enough, this is all done remotely, without the hacker needing any sort of physical access to the phone. If that STILL weren't enough, this entire process can be conducted without the phone user ever knowing anything is amiss. No part of the process affects the working processes of the phone in any significantly apparent way whatsoever.
The good news, for now, is that this vulnerability has been patched since earlier this year. So long as your iPhone has the latest security update, you'll be safe from this specific exploit.
But the point was made, and a new point of reference can now be called upon. No matter how secure you think your wireless smart devices are, there's always a chance – however insignificant – that a vulnerability could be open to exploit.