Bluetooth is a wireless connectivity option that we use quite a bit, whether it’s pairing devices with headphones, speakers, keyboards, or mice. Unfortunately for iPhone users, it seems that a Bluetooth exploit has been discovered where it can actually be used to remotely wipe nearby iPhones.
The scary thing about this exploit is that the iPhone owner does not need to do anything on their end, which means that you don’t need to click any suspicious links, open strange emails, and so on. According to a tweet by the researcher who discovered it, it seems that it can be as simple as the hacker riding around with a Bluetooth enabled laptop in their backpack and remotely wipe iPhones around them.
POC? RCE up to 15.0.X ~ High level proximity based Bluetooth LE exploit to remote wipe iDevices based on proximity alone! No physical device access.
In short can put a laptop in a backpack and ride a bike in a city wiping iPhones :)
— Robert (@RobertCFO) October 13, 2021
The good news is that Apple has since been made aware of the issue and that apparently it is fixed in iOS 15.1. However, as iOS 15.1 is still in beta, this means that pretty much everyone not in the beta is vulnerable to the exploit. The researcher does not detail how the exploit can be pulled off, but they apparently plan on releasing a proof of concept soon.
Some have pointed out that the email Apple sent the researcher asked that they keep the details confidential until iOS 15.1 is released, which is apparently in the coming weeks on the 25th of October, so we might have to wait until then to see the proof of concept.