Arab Press

بالشعب و للشعب
Friday, Jun 20, 2025

Google engineer demonstrate how he could get full control and copy all data from 25 iPhones without touching them

iPhone security? Hmmm... In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30'000 words I'll cover the entire process to go from this basic demo to successfully exploiting this vulnerability in order to run arbitrary code on any nearby iOS device and steal all the user data

One of the geniuses working for Google on Project Zero wrote on his blogpost and on his YouTube videos:

Introduction
Quoting @halvarflake's Offensivecon keynote from February 2020:

"Exploits are the closest thing to "magic spells" we experience in the real world: Construct the right incantation, gain remote control over device."

For 6 months of 2020, while locked down in the corner of my bedroom surrounded by my lovely, screaming children, I've been working on a magic spell of my own. No, sadly not an incantation to convince the kids to sleep in until 9am every morning, but instead a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.

The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I'm fine.

Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into close contact with.

Imagine the sense of power an attacker with such a capability must feel. As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target.

What's more, with directional antennas, higher transmission powers and sensitive receivers the range of such attacks can be considerable.

I have no evidence that these issues were exploited in the wild; I found them myself through manual reverse engineering. But we do know that exploit vendors seemed to take notice of these fixes. For example, take this tweet from Mark Dowd, the co-founder of Azimuth Security, an Australian "market-leading information security business":

Watch the videos and read his full post here.

Newsletter

Related Articles

Arab Press
0:00
0:00
Close
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
G7 Leaders Fail to Reach Consensus on Key Global Issues
Mass exodus in Tehran as millions try to flee following Trump’s evacuation order
Iranian Military Officers Reportedly Seek Contact with Reza Pahlavi, Signal Intent to Defect
China's Iranian Oil Imports Face Disruption Amid Escalating Middle East Tensions
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Israeli Airstrike Targets Iranian State TV in Central Tehran
President Trump is leaving the G7 summit early and has ordered the National Security Council to the Situation Room
Netanyahu Signals Potential Regime Change in Iran
Analysts Warn Iran May Resort to Unconventional Warfare
Iranian Regime Faces Existential Threat Amid Conflict
Energy Infrastructure Becomes War Zone in Middle East
Iran Conducts Ballistic Missile Launches Amid Heightened Tensions with Israel
Iran Signals Openness to Nuclear Negotiations Amid Ongoing Regional Tensions
Shock Within Iran’s Leadership: Khamenei’s Failed Plan to Launch 1,000 Missiles Against Israel
UK Deploys Jets to Middle East Amid Rising Tensions
Exiled Iranian Prince Reza Pahlavi Urges Overthrow of Khamenei Regime
Wreck of $17 Billion San José Galleon Identified Off Colombia After 300 Years
Iran Launches Extensive Missile Attack on Israel Following Israeli Strikes on Nuclear Sites
Israel Issues Ultimatum to Iran Over Potential Retaliation and Nuclear Facilities
Coinbase CEO Warns Bitcoin Could Supplant US Dollar Amid Mounting National Debt
Trump to Iran: Make a Deal — Sign or Die
Operation "Like a Lion": Israel Strikes Iran in Unprecedented Offensive
Israel Launches 'Operation Rising Lion' Targeting Iranian Nuclear and Military Sites
Israeli Forces Intercept Gaza-Bound Aid Vessel Carrying Greta Thunberg
IMF Warns of Severe Global Trade War Impacts on Emerging Markets
Syria to Reconnect to Global Economy After 14 Years of Isolation
Saudi Arabia Faces Uncertainty Over Succession After Mohammed bin Salman
Israel Confirms Arming Gaza Clan to Counter Hamas Influence
Majority of French Voters View Macron's Presidency as a Failure
U.S. Reduces Military Presence in Syria
Trump Demands Iran End All Uranium Enrichment in Nuclear Talks
Iran Warns Europe Against Politicizing UN Nuclear Report
Businessman Mauled by Lion at Luxury Namibian Lodge
Paris Saint-Germain's Greatest Triumph Is Football’s Lowest Point
OPEC+ Agrees to Increase Oil Output for Third Consecutive Month
Turkey Detains Istanbul Officials Amid Anti-Corruption Crackdown
Meta and Anduril Collaborate on AI-Driven Military Augmented Reality Systems
EU Central Bank Pushes to Replace US Dollar with Euro as World’s Main Currency
European and Arab Ministers Convene in Madrid to Address Gaza Conflict
Head of Gaza Aid Group Resigns Amid Humanitarian Concerns
U.S. Health Secretary Ends Select COVID-19 Vaccine Recommendations
Trump Warns Putin Is 'Playing with Fire' Amid Escalating Ukraine Conflict
India and Pakistan Engage Trump-Linked Lobbyists to Influence U.S. Policy
U.S. Halts New Student Visa Interviews Amid Enhanced Security Measures
Trump Administration Cancels $100 Million in Federal Contracts with Harvard
SpaceX Starship Test Flight Ends in Failure, Mars Mission Timeline Uncertain
King Charles Affirms Canadian Sovereignty Amid U.S. Statehood Pressure
Iranian Revolutionary Guard Founder Warns Against Trusting Regime in Nuclear Talks
×