Article Lead Image

New iOS security flaw could crash any device over Wi-Fi

Beware those all-too-conveniently named Wi-Fi networks.

 

AJ Dellinger

Tech

Posted on Apr 22, 2015   Updated on May 29, 2021, 12:27 am CDT

Careful which Wi-Fi network you connect to: According to a presentation from security firm Skycure, a bug in iOS 8 could allow attackers to crash any device through a Wi-Fi hotspot.

Presented for the first time at the RSA Conference, the vulnerability known as No iOS Zone manipulates SSL certificates sent over the wireless network to generate a bug that makes iOS crash at will. SSL is utilized by virtually all iOS apps and in the operating system itself, making for a large surface of attack.

“One day, during preparation for a demonstration of a network-based attack, we bought a new router. After setting the router in a specific configuration and connecting devices to it, our team witnessed the sudden crash of an iOS app,” Skycure CEO Yair Amit wrote in a blog post documenting the vulnerability.

When exploited, the vulnerability can render an iOS device completely useless. In the worst case scenario, the attack can place a phone into a continuous boot loop, crashing the phone every time it attempts to restart. It essentially becomes a denial of service attack perpetrated against every device that comes in contact with the hotspot.

Making the risk potentially worse, the security researchers at Skycure combined the No iOS Zone vulnerability with an older security flaw dubbed WiFiGate. The exploit revealed that iOS devices are often programmed by carriers to automatically connect to certain networks based on its name. A network named “attwifi” will draw a connection from AT&T devices, for example. “In a nutshell, the impact was that an attacker could create their own network, and force external devices to automatically connect to it,” Amit wrote.

By combining the forced connectivity of WiFiGate with the ability to send phone-crashed SSL certificates through the No iOS Zone exploit could lead to catastrophic results if deployed in densely populated areas like an office building or airport terminal. An attacker could take out every phone within range of a hotspot, leaving the victims helpless for as long as they’re connected.

Skycure has been in contact with Apple and are working to fix the flaws. In the meantime, the firm suggests updating iOS devices to iOS 8.3, which may have fixed some of the threats, and avoiding potentially suspicious Wi-Fi networks. Skycure also produces its own app which can monitor threats that your device may encounter.

H/T Gizmodo | Photo via omarjordanf/Flickr (CC BY SA 2.0)

Share this article
*First Published: Apr 22, 2015, 2:58 pm CDT