Wi-Fi hotspots can put iPhones into ETERNAL super slow-mo

'Phantom' hack sends your iThings into a tailspin of torpor

A vulnerability fixed in this week's Apple patch run can easily brick iPhones, researchers say.

The flaw (CVE-2015-1118) dubbed "Phantom" allows attackers who can trick users into changing their iDevice proxy settings to tap into multiple use-after-free vulnerabilities.

Doing so causes constant ubiquitous app crashing including the system platform. Rebooting sends affected devices into a "coma" state.

FireEye bods Zhaofeng Chen; Hui Xue; Tao Wei, and Yulong Zhang, say attackers could set up large Wi-Fi hotspots to con users into altering their settings and destroying their phones.

"An attacker may distribute a malicious [configuration] profile containing proxy settings to users connected to a given Wi-Fi hotspot. If the attacker has convincing social-engineering skills, a user who does not understand the security risks might proceed to install a malicious profile [and] the attacker can then modify the victim’s proxy settings to launch Phantom attacks," the quartet wrote in an advisory.

"Configuring HTTP proxy to abnormal values triggers multiple use-after-free (UAF) issues in libsystem_network.dylib. This vulnerability can lead to several undesired security consequences, e.g. most of networking apps will crash immediately, including system components; the system will respond sluggishly, and it is even not able to reboot successfully."

Apple iPhones throw warnings that traffic could be monitored which could serve to scare off savvy users.

Alternatively the researchers demonstrated how attackers could hijack HTTP traffic and tamper with proxy auto configuration files commonly used in Wi-Fi hotspots.

"The user has done nothing wrong, but the attacker now is able to change the proxy by hijacking the legitimate PAC and to perform the Phantom attack. After being attacked, the user cannot use any networking apps which all terminate immediately."

Wi-Fi hotspot admins should deliver content over HTTPS while system administrators should get users to upgrade their iDevices, the team says.

This hack imagines net pests using Phantom to get users to brick their own devices without the need to set up nasty WiFi hotspots; In recent years, slick but fake Cupertino posters have crawled out of 4Chan tricking users into thinking that the rm rf commands will unlock extra storage or reveal a powerful hidden Bitcoin miner. It instead wiped drives.

iOS Proxy Vulnerability

Other stories you might like

Biting the hand that feeds IT © 1998–2022