iOS vulnerability endangers half a billion Apple users

November 05, 2018 // By Christoph Hammerschmidt
Through a vulnerability in Apple's iOS, attackers can crash iPhones and iPads using commercially available hardware, without needing physical access to the device. This is the finding of researchers at the Darmstadt Technical University. More than half a billion devices are affected by this problem.

Scientists at the Secure Mobile Networking Lab at the TU Darmstadt have found a vulnerability in the iPhone operating system iOS 12 that could allow an attacker to crash mobile Apple devices such as iPhones and iPads with a standard WLAN card and a simple single-board computer for less than 20 euros. In line with the principle of "responsible disclosure", the vulnerability was reported to Apple and has just been closed by an iOS update. The scientists therefore strongly recommend that users of Apple mobile devices install the current iOS update 12.1.

Apple has traditionally promoted user-friendly features such as AirPlay, which allows users to send music or movies to compatible speakers and TVs wirelessly and with a single click from a variety of Apple devices. The underlying protocols use manufacturer extensions such as Apple Wireless Direct Link (AWDL), which enables direct WLAN communication between Apple devices. But the convenient functions also entail risks, explains Professor Matthias Hollick, head of the Secure Mobile Networking Lab at Darmstadt Technical University: "AWDL uses various wireless technologies. Put simply, the AWDL function is activated in the target device via a Bluetooth LE signal. In a second step, we take advantage of the fact that Apple does not cleanly check the input we send to the target device; this makes it possible to launch a denial of service attack. The result is a crash of the target device or all nearby devices at the same time. We don't need any user interaction."

