Researchers set up malicious Wi-Fi network to hoodwink iPhone and iPads into downloading dodgy updates
A flaw in iOS that bricked iPhones and iPads by resetting the internal clock to 1970 has been resurrected
Security researchers from PacketSled found that they were able to trick Apple devices into downloading a malicious update that changed the date, by setting up rogue Wi-Fi networks and exploiting flaw that connects Apple devices automatically to previously accessed hotspots.
The flaw was first revealed back in February by security researcher Zach Straley, who found that any device running iOS 8.0 or above and equipped with a 64-bit processor appeared to be open to the defect, putting a large number of iPhone and iPad devices at risk.
Looking to see if the flaw was still active, PacketSled researchers Patrick Kelley and Matt Harrigan set up a fake open Wi-Fi network that, when connected, would automatically force devices to download time and date updates from their own NTP time server, setting the clocks back to January 1, 1970.
Apple devices are set up to automatically connect to Wi-Fi networks that they have previously encountered without needing a lengthy log in process, meaning that all the researchers needed to do was label their malicious network with a common name.
Tests of this network found that any device brought within range rebooted before beginning to slowly self-destruct.
Harrigan and Kelley told Krebs on Security that encryption certificates included with iOS apps are to blame, as they stop working correctly if the set date on the device is set to a year that predates the certificate’s issuance.
The ensuring panic caused by a full range of apps all struggling to operate correctly then overwhelms the CPU of the device, causing it’s a heat surge that results in a reboot and eventual slow death.
Apple has not commented on the flaw, but was quick to fix the initial bug, recommending that users upgrade to the latest version of iOS, 9.3.1, as soon as possible.
How much do you know about the iPhone? Take our quiz!