Researchers say the combination of a dodgy SSL certificate and Wi-FiGate could create ‘no iOS zones’, causing havoc for Apple users
A hacked Wi-Fi router could cause any iPhone or iPad device within range to be rendered absolutely useless, say security researchers.
A team at security firm Skycure has discovered an SSL vulnerability that causes iOS and apps to crash repeatedly by setting a router in a specific configuration.
It says that only iOS devices are affected and that if combined with a previously discovered bug called WiFiGate, which allows for the creation of a dodgy network that forces any device in its reach to automatically connect, entire areas could be declared ‘no iOS zones’.
No iOS Zone
“Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will,” said Yair Amit, CTO and co-founder of Skycure. “With our finding, we rushed to create a script that exploits the bug over a network interface.
“As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”
But this vulnerability affects iOS itself, with continued use of an iPhone in an affected network eventually causing the operating system to enter an endless reboot cycle.
“It puts the victim’s device in an unusable state for as long as the attack impacts a device. Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state,” continued Amit, who discussed the possibility of combining the bug with WiFi Gate.
Run as fast as you can
“Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network,” he said. “Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.”
The SSL bug has been reported to Apple, but since Skycure is unaware whether it has been fixed, it has not released any additional technical details. Apple had not responded to TechWeekEurope’s request for comment at the time of publication.
Until such a time Apple does fix the problem, the only known way to mitigate the problem is to disconnect from a “bad” network before it’s too late, or leave the network’s reach.
What do you know about the iPhone 6, iPhone 6 Plus and Apple Watch? Try our quiz!