The Guardian is reporting on a newly discovered bug in IOS which causes iDevices to continually crash and reboot.
Once the user has entered what its discoverer, security researchers Skycure, dubs the “no iOS Zone”, there’s no way to fix their phone other than escaping the range of the malicious network; every time it reboots, it crashes almost immediately.
The basis of the attack uses a “specially crafted SSL certificate”, typically used to ensure a secure connection, to trigger a bug in the operating system that crashes out any app using SSL.
More info on Skycure's blog.
(Score: 3, Informative) by frojack on Thursday April 23 2015, @08:38PM
Skycure's Blog seems to suggest iPhone users have to first connect to this router, it won't affect Joe Random Fanboy walking by.
One day, during preparation for a demonstration of a network-based attack, we bought a new router. After setting the router in a specific configuration and connecting devices to it, our team witnessed the sudden crash of an iOS app.
Users might be able to avoid this vulnerability exploit in a number of ways:
1) Users should disconnect from the bad Wi-Fi network or change their location in case they experience continuous crashing or rebooting.
2) The latest iOS 8.3 update might have fixed a few of the mentioned threats–users are highly advised to upgrade to the latest version.
3) In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.
So it appears its not an area denial weapon. Just an anti-free-loader weapon.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by maxwell demon on Thursday April 23 2015, @08:47PM
So iOS doesn't automatically try to connect to anything with an SSID which it had connected to previously? Setting up an access point with the same SSID as the local Starbucks isn't exactly rocket surgery.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by iwoloschin on Thursday April 23 2015, @08:53PM
The Ars article on this mentioned that there's another two year old bug that can force an iPhone to connect to a wireless network...so yeah, it could be an area denial attack.
(Score: 2) by Foobar Bazbot on Thursday April 23 2015, @08:55PM
Yes, but they also mention (and link to) a method of getting around that -- apparently iPhones will autoconnect to a carrier-specified SSID, so by announcing your AP with the SSIDs for all applicable carriers, they will all automatically connect.
(Score: 2) by Tork on Thursday April 23 2015, @09:05PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 3, Interesting) by MrGuy on Thursday April 23 2015, @09:13PM
You can configure WiFi networks that do not require authentication. You can't get the password wrong if there's no password.
(Score: 3, Interesting) by Tork on Thursday April 23 2015, @09:29PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 0) by Anonymous Coward on Thursday April 23 2015, @09:42PM
What I think he is suggesting is to pro-actively enter "bad data" for your carrier specific SSID (so that the phone will fail to connect to it and be immune to the attack.) My guess is the carrier SSID is already hard-coded, but it might be worth a try to see if it's even possible.
(Score: 4, Informative) by frojack on Thursday April 23 2015, @09:19PM
It would seem that it might not, because without a password you can't even associate with an access point.
This presumes that there was any security at all on the router. If the router was set up with no security then all you have to do is choose to connect.
However, as mentioned above, there is another vulnerability mentioned here:
https://www.skycure.com/blog/wifigate-how-mobile-carriers-expose-us-to-wi-fi-attacks/ [skycure.com]
where some deals apple has made with certain carriers (see list in linked page) who have a bunch of semi-public wifi outlets, to automatically jump onto their wifi whenever an iphone was in range.
The idea at the time, is that the carriers were desperate to drop 3G data usage, and arranged with Apple to have iPhone hop on wifi whenever possible.
That was some time ago, and I think that has been fixed. (Supposedly you now have to agree to it at least the first time).
The only protection against that was to turn your wifi off.
No, you are mistaken. I've always had this sig.
(Score: 2) by Tork on Thursday April 23 2015, @09:31PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 4, Interesting) by frojack on Thursday April 23 2015, @09:56PM
These days, most Starbucks are supplied WIFI by Google, so its a whole different thing.
But still, if you have ever log into a Starbucks it will log you into just about any Starbucks (corporate) stores. They all use the same SSID, with no security (but they usually take you to an "I Agree" page.)
I doubt its phone specific because both my phone (non apple) and my tablet log in there as soon as I walk in.
Same with AT&T hotspots. No security, I agree page, same SSID. (Although they also typically broadcast a "house SSID" for the establishment.
I've told my phone to FORGET these from time to time, and from then on it no longer connects automatically, till I select Connect again. But my phone is Android, so I can't speak to Apple devices.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday April 23 2015, @11:14PM