Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Researchers able to crash iOS devices through Wi-Fi router exploit

Researchers able to crash iOS devices through Wi-Fi router exploit
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Apr 22, 2015, 09:57 AM
 
Security firm Skycure have divulged the existence, but not the actual exploitation method, of a exploit in iOS that allows a Wi-Fi provider to reliably crash an iOS device upon connection to a known access point. The flaw allows a maliciously-crafted SSL certificate to crash the device completely, forcing it into a "repeatable reboot cycle" as long as the device remains within range of the assaulting Wi-Fi network.

The actual implementation of the flaw doesn't cause damage to the device, and relies on the iOS device attempting to reconnect to the assaulting wireless hotspot. Other than inconvenience for users, there doesn't appear to be a deeper exploit associated with the flaw at this time. The fix for an affected device is to move out of range of the assaulting base station, and clear memory of the hotspot.

There also doesn't seem to be a way to infect wireless hotspots that an assailant doesn't already have full control over. However, a simple exploit is to name a hotspot to an already existing network that may be pre-assigned by a carrier, or one masquerading as an open hotspot in a public location, like a coffee shop or restaurant.

Skycure has reported the issue to Apple, saying that "as the vulnerability has not been confirmed as fully fixed yet, we've decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability."

The best way to avoid this exploit, and most others involving Apple's mobile operating system, is to avoid free, open, unverified public Wi-Fi hotspots. A user must either have connected to a base station with the same name as one previously connected to, or choose to connect to a compromised router, for the attack to take effect.

( Last edited by NewsPoster; May 1, 2015 at 07:14 PM. )
     
ElectroTech
Dedicated MacNNer
Join Date: Nov 2008
Status: Offline
Reply With Quote
Apr 22, 2015, 11:14 AM
 
If you don't have the imagination and training to create something good, hack into some well made device and wreck it. Oh yeah, it is supposed to be something good for us because, you know, bad people might do it instead or something.
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Status: Offline
Reply With Quote
Apr 22, 2015, 11:48 AM
 
This is quite possibly the most useless hack ever. "Join my special Wi-Fi network I have engineered to make your device crash over and over! Wait, where are you going?"
Charles Martin
MacNN Editor
     
msuper69
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status: Offline
Reply With Quote
Apr 22, 2015, 02:02 PM
 
Don't join unknown Wi-Fi networks.
     
Grendelmon
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Status: Offline
Reply With Quote
Apr 22, 2015, 02:13 PM
 
It's a way to keep your Wifi network iOS free.
     
Grendelmon
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Status: Offline
Reply With Quote
Apr 22, 2015, 02:26 PM
 
Originally Posted by Charles Martin View Post
This is quite possibly the most useless hack ever. "Join my special Wi-Fi network I have engineered to make your device crash over and over! Wait, where are you going?"
And second of all, this could be a serious security issue for iOS devices. If someone is an AT&T or Xfinity customer that uses their Wifi access points, set to "auto-join", you could effectively disable those devices in range of your network by spoofing your network name.

I could be wrong, but from what I've gathered from other news sources, this seems to be very possible.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 02:28 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,