Multiple iPhone and iPad users at risk after Apple left a major security issue within their mobile operating system accessible until just this week, the vulnerability allows an unauthorised user to brute force their way into almost 1.4 Billion Active Apple devices which haven’t updated to the latest software using a specific technique.
The issue in question is focused on exploiting the Bluetooth chip within Apple’s iPhones and iPads in order for an individual to gain access to a device and then download malware/viruses to it, in some cases, damaging it beyond repair.
Furthermore, Apple did disclose that only devices that are not running on the latest version of their mobile operating system, known commonly as iOS, are exposed to this exploit. However, this means that almost 1.5 Billion users are therefore at risk of this happening to their product.
This is especially bad for businesses who may use older devices which cannot run the latest version of Apple’s software due to their age and their outdated status. To add to this business will usually use their devices on public networks and leave Bluetooth running by default, hence putting their devices at risk of being exploited by customers in their stores.
The exploit in question is referred to as the Key Negotiation of Bluetooth, also known as the ‘KNOB’ attack, and the attack itself is complex due to the fact that it uses ‘Brute Force’ tactics to access any standard compliant Bluetooth device and the device itself.
Now this doesn’t seem too bad considering that not everyone keeps Bluetooth switched on but after setting up a new Apple product Bluetooth is on by default and this can pose a further risk to all of the devices that are now outdated. Such as for example all devices that no longer support Apple’s latest iOS 12 and therefore Apple will need to create a separate software fix for devices that are now unsupported.
Finally, due to this being a widespread issue for individuals who have not updated their devices, in order to appropriately protect an affected device Apple recommends that users update their devices as soon as they can as Apple is releasing a fix that will better secure the device.