A newly discovered bug allows hackers to use a simple wi-fi network in order to force iPhones and iPads into restart loops that make the iOS devices repeatedly crash and reboot.
Security firm Skycure discovered the worrying hack. iOS devices in range of the wi-fi network are unable to be recovered as they crash instantly when rebooted, so the only fix for each device is to move away from the ‘No iOS Zone’ to an area with cellular network or different wi-fi network. The hack is executed by creating a an SSL certificate, usually used to provide a secure connection, to trigger an OS bug that crashes any app or browser using SSL. SSL or Secure Socket Layer certificates are used by apps to transfer data securely and are an internet best practice. They allow apps to ensure secure transfer of anything from photos to credit card details during a purchase, however the bug is a problem in iOS not in SSL which is merely used to exploit it.
After Skycure had discovered the bug, they created a script that exploited it over a network. Skycure’s researchers Yair Amit and Adi Sharabani have said the attack surface is very wide as SSL is used by almost all apps in the Apple App Store because it’s a best practice for security. The bug could lead to organised denial of service attacks that can create big losses in business environments by sending toxic SSL certificates, so Skycure didn’t want to delay in reporting the vulnerability so that it could be patched quickly.
It’s not just apps that the bug can crash, operating systems can also be crashed too and can create a reboot loop that prevents users from being able to use their phone at all. There’s a large amount of devices that are exposed to the bug so operating system crashes may be more likely the more iOS devices that are connected to the same network. The repeated crashing and rebooting prevents users from being able to turn wi-fi off on their phone, even if they know that the wi-fi network is causing the problem.
Skycure has hypothesised that more than one hack could be used together to prevent iOS devices in a certain area from functioning at all. A previously discovered hack named Wi-Figate allows hackers to force a device to connect to a certain network automatically. As anyone within range of the network would only be able to regain service on their device by moving to a different area, an attack could have a big impact- Skycure warns that attacks could be made against large airports, utility plants or even Wall Street.
Apple has not yet released a fix for this problem but have been warned of it by Skycure, who wish not to release any further details until the vulnerability has been patched up. There isn’t any evidence that the bug has yet been exploited in order to denial of service among business or the general public, but the faster Apple fixes the error the better.
This is not the first time that a bug has grown from problems with SSL and iOS and Apple has recently terminated support for SSL 3.0 as it had significant vulnerability. The advice for now is to update all Apple firmware to the most recent version, especially if a new iOS update is released. If you do fall victim to a No iOS Zone attack then the only fix is to move away from the wi-fi hotspot area which should prevent apps crashing or your device rebooting.