As reported by engadget,
It wouldn’t have been trivial to stage an attack, but it wouldn’t have been difficult, either. Beer used a laptop, a Raspberry Pi 4 and a readily available Netgear WiFi adapter, and he was working from home during a pandemic lockdown. The stealthiness was the greater concern. A perpetrator could have swiped personal data while leaving you completely oblivious, at least as long as there was a reasonably close hiding place.
Notice the use of the past tense, however. Apple fixed the flaw in iOS 13.3.1, before iOS 13.5 arrived with COVID-19 contact tracing. It’s also unclear if anyone made use of the flaw in the wild, which might have been difficult with many people working from home. Still, this could easily have been a serious problem in apartments and other places where it’s difficult to stay out of WiFi distance from others.