Evil Wi-Fi kills iPhones, iPods in range – 'No iOS Zone' SSL bug revealed
The fix? RUN AWAY!
RSA 2015 A vulnerability in iOS 8 can be exploited by malicious wireless hotspots to repeatedly crash and reboot nearby Apple iPhones, iPads and iPods, security researchers claim.
Skycure bods Adi Sharabani and Yair Amit say the attack, dubbed "No iOS Zone", will render vulnerable iOS things within range unstable – or even entirely unusable by triggering constant reboots.
“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Sharabani told the RSA security conference in San Francisco today.
“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.”
The denial-of-service is triggered by manipulating SSL certificates sent to the iOS devices over Wi-Fi; specially crafted data will cause apps or possibly the operating system to crash.
"As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability," the pair explained.
It is a choice attack for disrupting political events, or at financial hubs like Wall Street, Sharabani suggested. Neither Apple nor Skycure have seen the vulnerability exploited in the wild, but the pair predict more of these kind of attacks in the future.
A slide from the pair's talk ... Crash, rinse, repeat
The duo are still working with Apple to address the security hole, Amit told El Reg. He praised the California giant for its quick response in attempting to tackle the No iOS Zone vulnerability.
He also said the attack can be combined with HTTP request hijacking to trick iOS apps into pulling information from an attacker's servers, allowing the miscreant to compromise the software by feeding it bad data.
The duo's slide deck on the wireless attack can be downloaded as a PDF, here. ®
- Apple M1
- App stores
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Tim Cook
- Trusted Platform Module
- Zero trust