This incredible feat could have allowed hackers to remotely own iPhones without even touching them.

Have you ever watched that movie or played that video game about the hacker who can instantly take control of someone’s device without touching them at all? These scenes are generally unrealistic. But every now and then a real-life hack makes them quite plausible – a hack like the one you can see examples of in the videos above and below.

Today, Google Project Zero security researcher Ian Beer revealed that, until May, a variety of Apple iPhones and other iOS devices were vulnerable to an incredible exploit that could allow attackers to reboot remotely. and take full control of their devices remotely – including reading emails and other messages, uploading photos, and even potentially looking and listening to you through the iPhone’s microphone and camera.

How is such a thing even possible? Why would an iPhone even listen to a hack attempt remotely? According to Beer, that’s because today’s iPhones, iPads, Macs, and watches use a protocol called Apple Wireless Direct Link (AWDL) to create mesh networks for features like AirDrop (so you can easily transfer photos and files to other iOS devices) and Sidecar (to quickly turn an iPad into a secondary display). Not only did Beer find a way to exploit this, he also found a way to force AWDL to turn on even though it had been left off before.

While Beer says he has “no evidence that these problems were exploited in the wild” and admits that it took him six whole months to sniff, verify and demonstrate this feat – and although it was corrected in May – it suggests that we shouldn’t take the existence of such a hack lightly:

The takeaways from this project should not be: nobody will spend six months of their life just hacking my phone I’m fine.

Instead, it should be: one person, working alone in her bedroom, was able to create an ability that would allow her to seriously compromise iPhone users with whom she would be in close contact.

Weird stuff.

Apple did not immediately respond to a request for comment, but the company is citing Beer in the change logs for several of its May 2020 security updates related to the vulnerability.

You can read Beer’s lengthy explanation of how the hack exactly works here.