How to steal photos off someone’s iPhone from across the street



Well-known Google Project Zero researcher Ian Beer has just published a blog post that is attracting a lot of media attention.

The article itself has a perfectly accurate and interesting title, namely: An iOS zero-click radio proximity exploit odyssey.

But it’s headlines like the one we’ve used above that capture the practical essence of Beer’s attack.

The exploit sequence he figured out really does allow an attacker to break into a nearby iPhone and steal personal data – using wireless connections only, and with no clicks needed by, or warnings shown to, the innocently occupied user of the device.

Indeed, Beer’s article concludes with a short video showing him automatically stealing a photo from his own phone using hacking kit set up in the next room:

  • He takes a photo of a “secret document” using the iPhone in one room.
  • He leaves “user” of the phone (a giant pink teddy bear, as it happens) sitting happily watching a YouTube video.
  • He goes next door and kicks off an automated over-the-air attack that exploits a kernel bug on the phone.
  • The exploit sneakily uploads malware code onto the phone, grants itelf access to the Photo app’s data directory, reads the “secret” photo file and invisibly uploads it to his laptop next door.
  • The phone continues working normally throughout, with no warnings, pop-ups or anything that might alert the user to the hack.

That’s the bad news.