If this is your first visit, be sure to check out the FAQ by clicking the link above.
You may have to register before you can post: click the register link above to proceed.
To start viewing messages, select the forum that you want to visit from the selection below.
You are here: MacNN Forums
> News
> Mac News
>
Researchers able to crash iOS devices through Wi-Fi router exploit
Security firm Skycure have divulged the existence, but not the actual exploitation method, of a exploit in iOS that allows a Wi-Fi provider to reliably crash an iOS device upon connection to a known access point. The flaw allows a maliciously-crafted SSL certificate to crash the device completely, forcing it into a "repeatable reboot cycle" as long as the device remains within range of the assaulting Wi-Fi network.
The actual implementation of the flaw doesn't cause damage to the device, and relies on the iOS device attempting to reconnect to the assaulting wireless hotspot. Other than inconvenience for users, there doesn't appear to be a deeper exploit associated with the flaw at this time. The fix for an affected device is to move out of range of the assaulting base station, and clear memory of the hotspot.
There also doesn't seem to be a way to infect wireless hotspots that an assailant doesn't already have full control over. However, a simple exploit is to name a hotspot to an already existing network that may be pre-assigned by a carrier, or one masquerading as an open hotspot in a public location, like a coffee shop or restaurant.
Skycure has reported the issue to Apple, saying that "as the vulnerability has not been confirmed as fully fixed yet, we've decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability."
The best way to avoid this exploit, and most others involving Apple's mobile operating system, is to avoid free, open, unverified public Wi-Fi hotspots. A user must either have connected to a base station with the same name as one previously connected to, or choose to connect to a compromised router, for the attack to take effect.
(
Last edited by NewsPoster; May 1, 2015 at 07:14 PM.
)
If you don't have the imagination and training to create something good, hack into some well made device and wreck it. Oh yeah, it is supposed to be something good for us because, you know, bad people might do it instead or something.
This is quite possibly the most useless hack ever. "Join my special Wi-Fi network I have engineered to make your device crash over and over! Wait, where are you going?"
This is quite possibly the most useless hack ever. "Join my special Wi-Fi network I have engineered to make your device crash over and over! Wait, where are you going?"
And second of all, this could be a serious security issue for iOS devices. If someone is an AT&T or Xfinity customer that uses their Wifi access points, set to "auto-join", you could effectively disable those devices in range of your network by spoofing your network name.
I could be wrong, but from what I've gathered from other news sources, this seems to be very possible.