A group of researchers has discovered a Wi-Fi bug that allows hackers to get past an iPhone’s lock screen and install apps without the knowledge of the user.
The researchers won a prize of $110,000 for discovering the bug, and Apple will release a security patch soon to fix it.
The researchers demonstrated the Wi-Fi bug at the global Pwn2Own hacking contest in Tokyo, which was attended not only by many well-meaning hackers but also by representatives from Apple, Google, and Huawei. The contest is designed to encourage hackers to identify zero-day security risks and ways to resolve them.
The research team, calling themselves the Tencent Keen Security Lab, succeeded in a contest that required them to target the Wi-Fi application on an iPhone 7 handset.
‘Tencent Keen Security Lab gets code execution through a WiFi bug and escalates privileges to persist through a reboot. The four bugs used earn them a total of $110,000 and 11 Master of Pwn points,’ said the contest website.
The team also used two bugs to exploit the Safari browser, winning an additional $45,000 in the process. The vulnerabilities have been reported to Apple but their details will not be published for 90 days to allow Apple to build a fix in the meantime.
‘Once we verify the research presented is a true 0-day exploit, we immediately disclose the vulnerability to the vendor, who then has 90 days to release a fix. Representatives from Apple, Google, and Huawei are all here and able to ask questions of the researchers if needed.
‘At the end of the disclosure deadline, if a vendor is unresponsive or unable to provide a reasonable statement as to why the vulnerability is not fixed, the ZDI will publish a limited advisory including mitigation in an effort to enable the defensive community to protect users,’ the website said.
This is the second such Wi-Fi bug discovered in iPhones this year. Last month, security researchers uncovered several key management vulnerabilities in the WPA2 security protocol that left all Wi-Fi devices, including iPhones, vulnerable to hackers. Apple said that security updates to patch the recent vulnerabilities are currently being tested and will be rolled out in the coming weeks.