iPhone owners take heed. A security expert relayed that it is possible for hackers to gain access to Apple's famed smartphones through a Wi-Fi connection. An iOS device can be remotely exploited by simply joining a Wi-Fi network and using it to bypass the iOS Sandbox.
The hack was described as "remotely compromising iOS via Wi-Fi and escaping the Sandbox". Marco Grassi, the Senior Security Researcher of Keen Lab of Tencent, will discuss the possibility of hacking iPhones using Wi-Fi in a talk which will be held on March 30 at the Black Asia Hat hacking conference.
Grassi refused to divulge any details of the hack including how he came up with it and how it actually works. As such, all eyes and ears will be on Grassi this Thursday as he spills the beans during his scheduled 50-minute briefing at the Roselle Junior Ballroom in Marina Bay, Singapore.
It was mentioned that the hack could bypass the Sandbox. The App Sandbox is described as an "access control technology" created to contain the damage to the system once an app is hacked or compromised. In other words, it is a way to prevent "malicious activity" by preventing apps from modifying files. Grassi will show how a number of vulnerabilities can result to an arbitrary code execution outside of the Sandbox which can then be used to compromise the iPhone.
As Forbes noted, Apple already has the solution to this potential problem. The latest iOS update contains the fix for the bug so iPhone owners are advised to upgrade as soon as possible. Despite Apple's swift action, this development is something that should still concern every iOS device user. The issue of cybersecurity has been a common theme especially after numerous hacking controversies surfaced in recent years.
A similar hacking event, the 2017 Pwn2Own, also had one of Apple's premium products fall to ethical hackers. The MacBook Pro with Touch Bar was "pwned" by a pair of hackers earning for themselves some prize money from the event organizers. The pair used logic bugs, a UAF and a null pointer deference to hack the Safari browser and gain root access to MacOS allowing them to input "pwned by niklasb & saelo" on the Touch Bar.
Events such as these, take advantage of the skills of ethical hackers who hack hardware and software in an effort to help companies make them better and hack-free. It's a good thing then that Grassi discovered a way to hack the iPhone using Wi-Fi before evil hackers did.