A hacked Wi-Fi router could cause any iPhone or iPad device within range to be rendered absolutely useless, say security researchers.
A team at security firm Skycure has discovered an SSL vulnerability that lets an attacker make iOS and its apps crash repeatedly by setting up a router in a specific configuration.
Skycure says that only iOS devices are affected and that, if combined with a previously discovered bug called WiFiGate, which allows for the creation of a dodgy network that forces any device within its reach to connect automatically, entire areas could be declared ‘no iOS zones’.
No iOS Zone
“Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will,” said Yair Amit, CTO and co-founder of Skycure. “With our finding, we rushed to create a script that exploits the bug over a network interface.
“As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”
But this vulnerability affects iOS itself, with continued use of an iPhone in an affected network eventually causing the operating system to enter an endless reboot cycle.
“It puts the victim’s device in an unusable state for as long as the attack impacts a device. Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state,” continued Amit, who discussed the possibility of combining the bug with WiFiGate.