Researchers at security firm ‘Skycure’ have revealed a serious vulnerability in iOS at the RSA security conference.
Termed ‘No iOS Zone’, this security flaw enables hackers to crash iOS devices present within the range of any WiFi hotspot. What’s more, the attacker doesn’t even need you to connect the device to the WiFi on your own, it can be forced into restart loops just like that.
This security flaw has surfaced mainly due to a bug inherently present in iOS 8. It allows the manipulation of SSL certificates that are transferred over the network to any iOS device. Since all apps as well as the operating system itself use these certificates, an attacker is able to take charge of things and send the device into a constant restart loop.
Your iOS device can be sent into a constant restart loop if it’s in range of a WiFi hotspot
You may be immediately under the impression that the solution is to simply not connect to a random WiFi hotspot. After all, the hacker would need to take charge of the WiFi network in order to transfer those specially crafted SSL certificates, right? Except, it’s not as simple as you might imagine.
The researchers combined an old exploit ‘WiFiGate’ with the security flaw linked to the SSL certificates only to discover that carriers pre-program the iOS devices such that they automatically connect to specific networks. For instance, devices using Sprint would automatically connect to a WiFi network by the name ‘SprintWiFi’. Sadly, there’s nothing a customer can do other than switching off the WiFi.
Other than waiting for the hacker to get bored or going out of range of the affected WiFi hotspot, users can do little
The researchers were able to demonstrate that the security flaw left the device in terrible form, continually crashing and rebooting. Since it remains stuck in the process of restarting over and over again, there is no convenient way to disable the WiFi either. It’s really up to the hacker to allow you some time to do so in order that you accept your defeat and flee the attacker’s zone.
Skycure is currently collaborating with Apple in order to remedy the situation. The two haven’t revealed any details about the progress yet but it’s clear as day that iPhone and iPad owners are open to the attack. At this point, it would be best to refrain from accessing an unknown WiFi network or you’ll be some hacker’s bunny as well.