London Daily

Focus on the big picture.
Sunday, Jul 05, 2026

Google engineer demonstrate how he could get full control and copy all data from 25 iPhones without touching them

iPhone security? Hmmm... In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30'000 words I'll cover the entire process to go from this basic demo to successfully exploiting this vulnerability in order to run arbitrary code on any nearby iOS device and steal all the user data

One of the geniuses working for Google on Project Zero wrote on his blogpost and on his YouTube videos:

Introduction
Quoting @halvarflake's Offensivecon keynote from February 2020:

"Exploits are the closest thing to "magic spells" we experience in the real world: Construct the right incantation, gain remote control over device."

For 6 months of 2020, while locked down in the corner of my bedroom surrounded by my lovely, screaming children, I've been working on a magic spell of my own. No, sadly not an incantation to convince the kids to sleep in until 9am every morning, but instead a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity. View all the photos, read all the email, copy all the private messages and monitor everything which happens on there in real-time.

The takeaway from this project should not be: no one will spend six months of their life just to hack my phone, I'm fine.

Instead, it should be: one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into close contact with.

Imagine the sense of power an attacker with such a capability must feel. As we all pour more and more of our souls into these devices, an attacker can gain a treasure trove of information on an unsuspecting target.

What's more, with directional antennas, higher transmission powers and sensitive receivers the range of such attacks can be considerable.

I have no evidence that these issues were exploited in the wild; I found them myself through manual reverse engineering. But we do know that exploit vendors seemed to take notice of these fixes. For example, take this tweet from Mark Dowd, the co-founder of Azimuth Security, an Australian "market-leading information security business":

Watch the videos and read his full post here.

Newsletter

Related Articles

0:00
0:00
Close
Royal Society Exhibition Highlights Growing Focus on Public Trust in Science
Energy Costs and Supply Chain Risks Continue to Shape UK Business Strategy
Rapid Rise in Artificial Intelligence Adoption Reshapes UK Corporate Operations, ONS Says
UK Businesses Turn Defensive as Economic Outlook Weakens, Institute of Directors Data Shows
UK Government Faces Criticism Over Late Extension of Pub Hours for England Match
Inquest Continues Into Death of Noah Donohoe as Jury Deliberates Findings
Calls for Stronger Wildlife Attraction Safety Rules After Crocodile Enclosure Injury
City Fire Under Control After Major Blaze Sends Smoke Across Urban Area
Police Investigation Continues After Officer Killed During Road Closure Duties
Blackpool Hotel Fined £120,000 After Electric Shock Incident Involving Child
Whistleblowers Allege Delays in UK Special Educational Needs Support Services
Calls Grow for Improved Support for UK Armed Forces Personnel Facing Health Conditions
Rising UK Energy Price Cap Increase Prompts Wider Concerns Over Household Pressures
UK Businesses Remain Concerned Over Global Conflict Risks to Supply Chains, ONS Finds
Office for National Statistics Reports Rising Adoption of Artificial Intelligence Across UK Businesses
Institute of Directors Reports Deepening Pessimism in UK Business Confidence Index
England Prepare for World Cup Round of 16 Match Against Mexico in Mexico City
Royal Society Summer Science Exhibition Concludes in London After Week-Long Showcase of Research
Silverstone Hosts British Grand Prix as Lando Norris and Lewis Hamilton Lead Home Crowd Expectations
Cornwall Van Dwellers Face Homelessness Risk as Council Tightens Enforcement
Police Investigate Stabbing of Iranian Journalist in London
Rare Copy of US Declaration of Independence Discovered in UK Archive
Department for Education Data Shows Persistent Literacy Gap Among Disadvantaged White Pupils
London Casino Faces Legal Action Over Alleged Tip Distribution Practices
England Records Hottest June on Record as Heatwave Disrupts Services Nationwide
UK Foreign Office Ends Overseas Education Programme for Women and Girls After Shortfall
UK Lawmakers Call for Urgent Action to Preserve Historic Outdoor Lidos
Police Criticise Extended Pub Opening Hours for England World Cup Fixture in Mexico
UK Safety Authorities Warn Parents Over AI-Generated Child Abuse Imagery Risks
Reform UK-Led Council Struggles to Attract Sponsors for Union Flag Promotion Scheme
OpenAI UK Investment Uncertainty Grows After Reported Setback on Stargate Data Centre Site
British Medical Association Warns of Severe Financial Crisis and Possible Staff Cuts
UK Devolution Debate Intensifies as Celtic Nations Prepare Breakup Contingency Plans
Starmer Signals Labour Transition as Burnham Emerges as Potential Successor
UK Government Consults International Partners on Maritime Trade Security and Energy Market Stability
Rare Revolutionary-Era Documents Discovered by UK Archives and Undergoing Authentication
UK Consumer Confidence Remains Deep in Negative Territory as Household Spending Stays Cautious
Transport for London Warns of Severe Disruption as Major Events Converge in Central London
NHS and Social Care Sectors Face Ongoing Recruitment Shortages Amid Persistent Workforce Gaps
Rising Energy Costs Drive Price Pressures Across UK Retail and Service Sectors
Competition and Markets Authority Expands Review of Artificial Intelligence Impact on UK Media Markets
UK Parliamentary Committees Intensify Scrutiny of National Security and Industrial Policy Legislation
Bank of England Faces Persistent Inflation Pressure as Rate Cut Expectations Fade
UK Public Finances Under Pressure as Borrowing Exceeds Forecast and Debt Nears 95% of GDP
Major Police Deployment Across Central London as Mass Demonstrations and Pride Parade Converge
Large-Scale Police Dispersal Powers Activated in Liverpool Ahead of Anti-Immigration Protests and Counter-Demonstrations
Luxury bags take over the World Cup: style, status symbol, or just showing off?
National Productivity Institute Highlights Weak Business Investment Outside Southern England
UK High Court Orders Reassessment of Environmental Impact in Major Highway Project
UK Cyber Security Centre Warns of Rising Threat From State-Sponsored Digital Espionage
×