Google Project Zero security expert Ian Beer published a report on a critical vulnerability found in iOS that allowed remote access to a device without any actions from the owner. The bug was fixed back in May, and no traces of its use were found in the real world.
Beer spent a year and a half studying the vulnerability. The reason was hidden in the Apple Wireless Direct Link protocol, which is partially used when transferring with AirDrop.
How did the hacking take place?
The hacking kit fits into a backpack: a laptop, a Raspberry Pi, and several Wi-Fi adapters, but the key connects to the same Wi-Fi network as the victim. Beer created several ways to exploit the vulnerability, one of which allowed access to all personal data, including passwords, photos, and messages.
The bug was fixed in iOS 13.5, and no evidence of exploiting the vulnerability was found in real life. Apple did not acknowledge, but did not deny, the vulnerability in early versions of iOS.