iOS 8 bug allows hackers to crash iPhones over Wi-Fi

iPhone-boot-loop

Researchers have proven that it’s possible for attackers to crash any iPhone or iPad over Wi-Fi, thanks to a bug in iOS 8. In some cases, devices can be forced into a boot-loop, rendering them unusable.
The vulnerability was demonstrated at the RSA security conference in San Francisco this week by security research firm Skycure. Dubbed “No iOS Zone,” the hack can be carried out on almost any iOS device running iOS 8, but iPhones are more vulnerable.
The attack is carried out by manipulating SSL certificates — which are used by virtually every iOS app — and then sending them to an iPhone or iPad over Wi-Fi. And in some cases, only disabling Wi-Fi on your device can avoid it.
You’d think that as long as you didn’t connect to untrusted Wi-Fi networks, you would be okay. But the problem is, most iPhones are programmed to connect to certain hotspots automatically.
For instance, devices connected to AT&T will automatically connect to hotspots named “attwifi,” and unless you disable Wi-FI on your device, there’s no way to prevent that.
Attackers could easily set up a hotspot with the right name in a busy coffee shop, then, and there will be no shortage of devices connecting to it without their owner’s knowledge.
“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Skycure told attendees at RSA.


“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode.”

The good news is, the worst thing the attackers can do is force your device into a boot-loop. They cannot gain access to your device or steal your data using this hack, so it’s really nothing more than a hugely annoying prank.
But Skycure points out that it could cause major disruption in sensitive locations, like a political events, or places like Wall Street. Fortunately, the company has no plans to make the intricacies of the attack public, so there is no how-to guide for attackers.
What’s more, Skycure is working with Apple to address the issue, and says the Cupertino company has responded quickly to it. That should mean we’ll see a fix in an iOS update very soon.
[via Gizmodo]

Comments

Post a Comment

Popular posts from this blog

How to watch WWDC keynote live on Mac, iPhone, iPad, Apple TV, Windows, Linux and Android

Image
As you know, Apple’s annual Worldwide Developers Conference kicks off today with a State of the Union-like keynote address. WWDC is the most important event for the Apple community as it gives a sneak peak at how the firm plans to woo app developers in the year. The 26th summer event runs from June 8 through June 12 at San Francisco’s Moscone West, where CEO Tim Cook will share the stage Monday morning along with other company executives to deliver latest advances concerning iOS, OS X and Watch OS platforms. Apple will be providing a live stream through the Apple Events webpage on its website, using the new familiar weblog-like layout. Although the official live stream is limited to Mac, iPhone, iPod touch, iPad and Apple TV devices, you can enjoy it on other platforms, too. Without further ado, here’s a quick tutorial on what you’ll need to watch the keynote live on both Apple devices and non-Apple platforms like Windows, Linux and Android. When does WWDC keynote sta
Read more