Dodgy ‘No iOS Zone’ Wi-Fi Network Could Crash Every iPhone And iPad In Sight

A hacked Wi-Fi router could cause any iPhone or iPad device within range to be rendered absolutely useless, say security researchers.

A team at security firm Skycure has discovered an SSL vulnerability that causes iOS and apps to crash repeatedly by setting a router in a specific configuration.

It says that only iOS devices are affected and that if combined with a previously discovered bug called WiFiGate, which allows for the creation of a dodgy network that forces any device in its reach to automatically connect, entire areas could be declared ‘no iOS zones’.

No iOS Zone

“Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will,” said Yair Amit, CTO and co-founder of Skycure. “With our finding, we rushed to create a script that exploits the bug over a network interface.

“As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”

But this vulnerability affects iOS itself, with continued use of an iPhone in an affected network eventually causing the operating system to enter an endless reboot cycle.

“It puts the victim’s device in an unusable state for as long as the attack impacts a device. Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state,” continued Amit, who discussed the possibility of combining the bug with WiFi Gate.

Run as fast as you can

“Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network,” he said. “Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.”

The SSL bug has been reported to Apple, but since Skycure is unaware whether it has been fixed, it has not released any additional technical details. Apple had not responded to TechWeekEurope’s request for comment at the time of publication.

Until such a time Apple does fix the problem, the only known way to mitigate the problem is to disconnect from a “bad” network before it’s too late, or leave the network’s reach.

What do you know about the iPhone 6, iPhone 6 Plus and Apple Watch? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

4 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

5 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

6 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

8 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

11 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

11 hours ago