the KRACK vulnerability that hit just about everyone using WiFi. The latest vulnerability was uncovered during a Tokyo hackathon by a team from Tencent’s Keen Lab.
Their hack of the latest iOS used WiFi and four software bugs to run malware on an iPhone 7. As a result, the hackers were able to remove selected data from the device. The malwarized phone was running iOS 11.1, the latest version from Apple, and was fully patched.
The hacking team won a cool $110,000 from the Mobile Pwn2Own hacking contest for this feat.
Details of the hack have not yet been publicized. According to standard operating practice, Apple has been notified of the vulnerability and has 90 days to fix the problem. If they don’t fix it within this window – or explain why they did not – researchers are free to tell the public about the exploit.
Both KRACK and the Keen hackers utilized WiFi vulnerabilities to their advantage. However, that’s not all the Keen Team did. They took home an additional $45,000 by hacking Apple’s Safari browser on an iPhone 7 and $100,000 for successfully attacking a Huawei baseband processor in a Chinese Mate9 Pro device.
Mobile Pwn2Own is an annual competition for hackers, awarding over $500,000 in prize money and phones to participants. This year, the hackers found 32 unique bugs in two days – the best-ever results for the contest: https://www.thezdi.com/blog/
As the details of the hack have not yet been publicized, we don’t know how the Keen hackers were able to malwarize this iPhone 7. However, you should take security seriously, even if you use an Apple device. Secure your connections – especially on public WiFi – by using a VPN.