Security researchers discover a new iOS vulnerability “No iOS Zone” which lets hackers crash any iPhone or iPad within Wi-Fi range
Security researchers at security firm Skycure have discovered a new iOS vulnerability called “No iOS Zone”, which allows any would-be hacker to crash any iPhone, iPad or iPod Touch within range of a Wi-Fi hotspot, whether the user deliberately connects to it or not.
The researchers presented the vulnerability at the RSA
security conference in San Francisco today.
The vulnerability affects iOS 8. It is triggered by manipulating the SSL certificates sent to the iPhone or iPad, which makes the device crash or puts it in a constant restart loop. SSL certificates are used by all apps on iOS, and by iOS itself, to authenticate and run.
If you thought that not connecting to random Wi-Fi hotspots would keep you out of trouble with the above vulnerability, the security researchers have combined the SSL certificate flaw with an older exploit called WiFiGate. After combining the two vulnerabilities, they found that iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, AT&T customers will auto-connect to any network called ‘attwifi’. So there is no way to prevent your phone from doing this other than turning Wi-Fi completely off unless you are in a trusted zone.
During the presentation, the Skycure team created a Wi-Fi hotspot using the two vulnerabilities, which made any iPhone and iPad in the vicinity connect to it and crash or go into a bootloop. Once the iPhone or iPad has homed in on the corrupt Wi-Fi hotspot, there is no possibility for the user to recover or to turn off the Wi-Fi, because the iPhone/iPad is in a continuous bootloop.
Skycure said that they were working with Apple on a fix to the iOS operating system and that they are not sure whether Apple’s latest version, iOS 8.3, may have fixed the issue; until then, they have not disclosed the proof of concept.
They stated that iPhone and iPad users can avoid this vulnerability in the following ways:
1. Users should disconnect from the bad Wi-Fi network or change their location in case they experience continuous
crashing or rebooting.
2. The latest iOS 8.3 update might have fixed a few of the mentioned threats; users are highly advised to upgrade
to the latest version.
3. In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.
