Launch of iOS, macOS, watchOS and tvOS by radio

Apple's mobile operating systems contained a vulnerability that could be exploited via Bluetooth. The devices in the zone can be blocked.

Researchers at the Technische Universität Darmstadt have discovered a vulnerability in iOS that affects more than half a billion iPhone and iPad – as well as many Macs, watchOS watches and Apple TV cases. This bug allows Apple devices running iOS 12, not iOS 12.1, to hang over the Apple Direct Direct Link (AWDL) protocol. The technology is actually used for direct WLAN communication between the manufacturer's hardware.

A radio storm makes devices flat

The Darmstadt team led by Matthias Hollick, head of the secure mobile phone lab, badyzed AWDL and encountered problems. "AWDL uses different wireless technologies, in simple terms, we use Bluetooth LE Storm to ring and AWDL's active target device, and we take advantage of the fact that Apple does not completely check the input." that we send him, to flood the device with insane inputs ". As a result, the researchers were able to plant the target or any other device nearby. "We do not need any user interaction." If the code is sent permanently, you can also bring machines into a start loop.

By laptop and micro BBC: bit

Proper software is required for the attack: it works with WLAN cards, commercially available laptops and a Bluetooth compatible single card computer, the BBC micro: bit. In their experiments, Hollick and his colleagues created the AWDL protocol not disclosed by Apple in the secure mobile phone lab. The vulnerability related to CVE-ID 2018-4368 is fixed in iOS 12.1, as well as in watchOS 5.1, tvOS 12.1 and the latest updates for macOS.

NAN comes from AWDL and is also in Android

However, according to researchers in Darmstadt, owners of Android devices should not weigh safely while the bug affects only Apple devices. A new standard of the Wi-Fi Alliance, Neighbors Awareness Network, NAN to sum up, uses AWDL and is already in the Android operating system. It is conceivable that similar gaps are also discovered here.

Not the only radio crash

The AWDL problem is not the only wireless crash that Apple has solved. Security researcher Kevin Backhouse discovered one in iOS 11 and macOS High Sierra, resulting in kernel-defective ICMP packet handling. Here, however, the attacker must be connected to the same WLAN network. iOS 12 no longer seems affected, High Sierra has received a security patch from Apple.

(BSC)