The Guardian is reporting on a newly discovered bug in IOS which causes iDevices to continually crash and reboot.
Once the user has entered what its discoverer, security researchers Skycure, dubs the “no iOS Zone”, there’s no way to fix their phone other than escaping the range of the malicious network; every time it reboots, it crashes almost immediately.
The basis of the attack uses a “specially crafted SSL certificate”, typically used to ensure a secure connection, to trigger a bug in the operating system that crashes out any app using SSL.
More info on Skycure's blog.
(Score: 2) by Tork on Thursday April 23 2015, @09:05PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 3, Interesting) by MrGuy on Thursday April 23 2015, @09:13PM
You can configure WiFi networks that do not require authentication. You can't get the password wrong if there's no password.
(Score: 3, Interesting) by Tork on Thursday April 23 2015, @09:29PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 0) by Anonymous Coward on Thursday April 23 2015, @09:42PM
What I think he is suggesting is to pro-actively enter "bad data" for your carrier specific SSID (so that the phone will fail to connect to it and be immune to the attack.) My guess is the carrier SSID is already hard-coded, but it might be worth a try to see if it's even possible.
(Score: 4, Informative) by frojack on Thursday April 23 2015, @09:19PM
It would seem that it might not, because without a password you can't even associate with an access point.
This presumes that there was any security at all on the router. If the router was set up with no security then all you have to do is choose to connect.
However, as mentioned above, there is another vulnerability mentioned here:
https://www.skycure.com/blog/wifigate-how-mobile-carriers-expose-us-to-wi-fi-attacks/ [skycure.com]
where some deals apple has made with certain carriers (see list in linked page) who have a bunch of semi-public wifi outlets, to automatically jump onto their wifi whenever an iphone was in range.
The idea at the time, is that the carriers were desperate to drop 3G data usage, and arranged with Apple to have iPhone hop on wifi whenever possible.
That was some time ago, and I think that has been fixed. (Supposedly you now have to agree to it at least the first time).
The only protection against that was to turn your wifi off.
No, you are mistaken. I've always had this sig.
(Score: 2) by Tork on Thursday April 23 2015, @09:31PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 4, Interesting) by frojack on Thursday April 23 2015, @09:56PM
These days, most Starbucks are supplied WIFI by Google, so its a whole different thing.
But still, if you have ever log into a Starbucks it will log you into just about any Starbucks (corporate) stores. They all use the same SSID, with no security (but they usually take you to an "I Agree" page.)
I doubt its phone specific because both my phone (non apple) and my tablet log in there as soon as I walk in.
Same with AT&T hotspots. No security, I agree page, same SSID. (Although they also typically broadcast a "house SSID" for the establishment.
I've told my phone to FORGET these from time to time, and from then on it no longer connects automatically, till I select Connect again. But my phone is Android, so I can't speak to Apple devices.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday April 23 2015, @11:14PM