At the RSA security conference in San Francisco today, researchers from security firm Skycure presented ‘No iOS Zone’, a vulnerability that would let attackers crash any iOS device within range of a WiFi hotspot — whether you deliberately connect or not. Gulp.
The vulnerability takes advantage of a bug in iOS 8: namely, that by manipulating SSL certificates sent to iOS devices over a network — certificates used in virtually every app, and in iOS itself — the researchers could make iOS devices crash, in the worst-case scenario putting them into a constant boot-loop.
At first glance, the vulnerability doesn’t seem too bad: after all, in order to have those bad SSL certificates sent to you, the attacker needs control of the Wi-Fi network. So just don’t connect to random Wi-Fi hotspots, and you should be fine — or you’d think.
The researchers combined the SSL certificate flaw with an older exploit, one they’d named WiFiGate. In short, they found that iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, AT&T customers will auto-connect to any network called ‘attwifi’. There’s no way to prevent your phone from doing this, short of turning Wi-Fi off altogether.
The end result is that the Skycure team could create a tainted Wi-Fi hotspot, which any nearby iOS device would connect to, and then constantly crash, rendering the device useless. And, because the device is stuck in a bootloop, there’s no easy way to disable Wi-Fi, and escape the hacker’s network.
As the researchers pointed out in their presentation, the vulnerability can be used to render any iOS device in a certain location completely useless. Sure, that means no more Snapchat for the tweens, but in sensitive locations (cough, Wall Street) it could wreak havoc.
The team is working with Apple on a fix; in the meantime, they haven’t disclosed the full details of their attack, but anyone with an iPhone is theoretically vulnerable for now. Consider this your monthly reminder to stay the hell away from dodgy Wi-Fi networks. Better yet, just burn your smartphone and live inside a Faraday cage. [Skycure via The Register]
Contact the author at firstname.lastname@example.org.