Security Flaw Lets Attackers Crash Any iPhone Or iPad Within Wi-Fi Range

At the RSA security conference in San Francisco today, researchers from security firm Skycure presented 'No iOS Zone', a vulnerability that would let attackers crash any iOS device within range of a Wi-Fi hotspot -- whether you deliberately connect or not. Gulp.

The vulnerability takes advantage of a bug in iOS 8: by manipulating the SSL certificates sent to iOS devices over a network -- certificates used in virtually every app, and in iOS itself -- the researchers could make iOS devices crash, in the worst-case scenario putting them into a constant boot loop.

At first glance, the vulnerability doesn't seem too bad: after all, in order to have those bad SSL certificates sent to you, the attacker needs control of the Wi-Fi network. So just don't connect to random Wi-Fi hotspots, and you should be fine -- or you'd think.

The researchers combined the SSL certificate flaw with an older exploit, one they'd named WiFiGate. In short, they found that iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, AT&T customers will auto-connect to any network called 'attwifi'. There's no way to prevent your phone from doing this, short of turning Wi-Fi off altogether.

The end result is that the Skycure team could create a tainted Wi-Fi hotspot, which any nearby iOS device would connect to and then constantly crash, rendering the device useless. And, because the device is stuck in a boot loop, there's no easy way to disable Wi-Fi and escape the hacker's network.

As the researchers pointed out in their presentation, the vulnerability can be used to render any iOS device in a certain location completely useless. Sure, that means no more Snapchat for the tweens, but in sensitive locations (cough, Wall Street) it could wreak havoc.

The team is working with Apple on a fix; in the meantime, they haven't disclosed the full details of their attack, but anyone with an iPhone is theoretically vulnerable for now. Consider this your monthly reminder to stay the hell away from dodgy Wi-Fi networks. Better yet, just burn your smartphone and live inside a Faraday cage. [Skycure via The Register]



    When can I get this? I want to run it on my home WiFi


    Last edited 23/04/15 9:01 am

      As someone who uses an iOS device I would rather you not.

    At least we know this will get fixed. Unlike Android where security flaws are left open on a vast majority of phones.

      Jesus Christ. Pretty much the point of this article is to point out that they are NOT fixing the problem.

      There is 0% chance you aren't a burden on your loved ones.

      You are that stupid.

      Last edited 23/04/15 10:23 am

        From the article: "The team is working with Apple on a fix".

        You know, you really should refrain from calling anyone stupid while making an error of this kind of scale.

        Wait, your name is Dainbramaged, the article says they are fixing it in the last paragraph, and you're calling people "a burden on loved ones" because they're stupid for not reading the article? There is so much accumulated stupidity in the comment that I don't even know where to begin.

    But but but iPhones are infallible and they don't have these kinds of problems. Well that's what we keep hearing from the Apple faithful.

    So once you leave the range of the bugged WiFi hotspot then does your iOS device "fix itself", i.e. stop rebooting?

      Nope, it would corrupt a system file needing a restore when you get either back home or to the nearest genius bar.

    Better yet, just burn your smartphone and live inside a Faraday cage.

    Or get an Android device!

      Where there is a very high possibility that my carrier will not allow me to download the update that fixes the problem until over a year later, if my device even supports the update at all?

      No thanks, I'll stick to iOS.

      Last edited 23/04/15 11:02 am

        To be fair, that's thanks to bullshit carrier policy not the OS itself...

          Yet the OS still allows it...

            Read up on WiFiGate and you'll find it's a carrier-based flaw which they refuse to fix. Both have their own carrier issues with fixes.

            I don't understand your comment.... It has nothing to do with the OS. The OS doesn't "allow" anything.

            That's like complaining that Optus gets a particular handset before Telstra. It's purely business, contract, legal bullshit and has nothing to do with the handset itself.

            Yes Google could bypass carriers and force updates but it's generally bad business to spit in your distributor/partner's face.

            Android being an open platform means that those who want upgrades ASAP can do it themselves with fairly minimal fuss. If you don't have enough technical knowledge to do it yourself, you probably don't care about waiting a bit longer for an update.

    My only question is where is the picture of the possessed/broken/evil Apple logo as counterpart to the Android equivalent that always gets rolled out with one of these stories :D

      These stories are so rare that it isn't worth making one
