[ad_1]
Researchers at TU Darmstadt have discovered a vulnerability in Apple's iOS operating system, which concerns more than half a billion devices. […]
The newly released 12.1 update fixes the vulnerability called "CVE-2018-4368", which allows attackers to easily crash iPhones and iPads with a standard Wi-Fi card and a programmable card for less than $ 20 without physical access. .
Crash without user interaction
Apple has always been promoting user-friendly features such as AirPlay, allowing users to send music or movies to compatible speakers and TVs, wirelessly and in one click, from many Apple devices. The protocols use extensions such as Apple's Wireless Direct Link (AWDL), which allows direct wireless communication between Apple devices. But the practical features also present risks, says Professor TU Matthias Hollick, director of Secure Mobile Networking Labs.
"AWDL uses different wireless technologies, to put it simply, we use Bluetooth LE to ring the bell and the AWDL active target device, and then we take advantage of the fact that Apple does not fully check the The input that we send to the target device allows us to flood the device with insane inputs, so we can cause a simultaneous crash of the target device or even all nearby devices. We need no user interaction. "
brute force attack Bluetooth
According to Milan Mare, a coworker from Hollick, the brute force attack Bluetooth only requires a WLAN card from a standard laptop and a microphone: BBC bit, a simple low-cost Bluetooth-compatible computer such as Bluetooth. a Raspberry Pi or an Arduino. Potential attackers would therefore have an easy game. The researchers demonstrate in a video of the attack after successfully installing the update, which is no longer possible. The devices fall in a row without the researchers even having to touch them once.
Source link
