Bluetooth is a wireless connectivity option that we use quite a bit, whether it’s pairing devices with headphones, speakers, keyboards, or mice. Unfortunately for iPhone users, it seems that a Bluetooth exploit has been discovered where it can actually be used to remotely wipe nearby iPhones.
The scary thing about this exploit is that the iPhone owner does not need to do anything on their end, which means that you don’t need to click any suspicious links, open strange emails, and so on. According to a tweet by the researcher who discovered it, it seems that it can be as simple as the hacker riding around with a Bluetooth enabled laptop in their backpack and remotely wipe iPhones around them.
POC? RCE up to 15.0.X ~ High level proximity based Bluetooth LE exploit to remote wipe iDevices based on proximity alone! No physical device access.
In short can put a laptop in a backpack and ride a bike in a city wiping iPhones 🙂
— Robert (@RobertCFO) October 13, 2021
The good news is that Apple has since been made aware of the issue and that apparently it is fixed in iOS 15.1. However, as iOS 15.1 is still in beta, this means that pretty much everyone not in the beta is vulnerable to the exploit. The researcher does not detail how the exploit can be pulled off, but they apparently plan on releasing a proof of concept soon.
Some have pointed out that the email Apple sent the researcher asked that they keep the details confidential until iOS 15.1 is released, which is apparently in the coming weeks on the 25th of October, so we might have to wait until then to see the proof of concept.
Filed in. Read more about Hack, iPhone and Security.
Denial of responsibility! Verticall lobby is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – firstname.lastname@example.org. The content will be deleted within 24 hours.