Stories
Slash Boxes
Comments

SoylentNews is people

WiFi Hack Creates No-Go Zone For iOS

posted by cmn32480 on Thursday April 23 2015, @07:45PM   Printer-friendly
from the maybe-if-you-hold-it-differently dept.

fleg writes:

The Guardian is reporting on a newly discovered bug in IOS which causes iDevices to continually crash and reboot.

Once the user has entered what its discoverer, security researchers Skycure, dubs the “no iOS Zone”, there’s no way to fix their phone other than escaping the range of the malicious network; every time it reboots, it crashes almost immediately.

The basis of the attack uses a “specially crafted SSL certificate”, typically used to ensure a secure connection, to trigger a bug in the operating system that crashes out any app using SSL.

More info on Skycure's blog.

 
This discussion has been archived. No new comments can be posted.
WiFi Hack Creates No-Go Zone For iOS | Log In/Create an Account | Top | 27 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Tork on Thursday April 23 2015, @09:05PM

    by Tork (3914) Subscriber Badge on Thursday April 23 2015, @09:05PM (#174437)
    Please forgive my dumbness, but will this connection cause the reboot even if the password for that SSID is wrong?
    --
    🏳️‍🌈 Proud Ally 🏳️‍🌈
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 3, Interesting) by MrGuy on Thursday April 23 2015, @09:13PM

    by MrGuy (1007) on Thursday April 23 2015, @09:13PM (#174440)

    You can configure WiFi networks that do not require authentication. You can't get the password wrong if there's no password.

    • (Score: 3, Interesting) by Tork on Thursday April 23 2015, @09:29PM

      by Tork (3914) Subscriber Badge on Thursday April 23 2015, @09:29PM (#174445)
      Right, but what happens if you try to connect to a no-password SSID by whilst a password? I'll put it another way: Let's say I create a hotspot called Tork, you connect to it, and you have to enter (and save) a password to authenticate to it. Then, after you've used it for a while, I go to my router and remove the password and set up the hack mentioned in the article. Would an iPhone connect to Tork and start rebooting or would it fail to authenticate because the handshake is all gibberish?
      --
      🏳️‍🌈 Proud Ally 🏳️‍🌈

      • (Score: 0) by Anonymous Coward on Thursday April 23 2015, @09:42PM

        by Anonymous Coward on Thursday April 23 2015, @09:42PM (#174449)

        What I think he is suggesting is to pro-actively enter "bad data" for your carrier specific SSID (so that the phone will fail to connect to it and be immune to the attack.) My guess is the carrier SSID is already hard-coded, but it might be worth a try to see if it's even possible.

  • (Score: 4, Informative) by frojack on Thursday April 23 2015, @09:19PM

    by frojack (1554) on Thursday April 23 2015, @09:19PM (#174441) Journal

    It would seem that it might not, because without a password you can't even associate with an access point.
    This presumes that there was any security at all on the router. If the router was set up with no security then all you have to do is choose to connect.

    However, as mentioned above, there is another vulnerability mentioned here:
    https://www.skycure.com/blog/wifigate-how-mobile-carriers-expose-us-to-wi-fi-attacks/ [skycure.com]
    where some deals apple has made with certain carriers (see list in linked page) who have a bunch of semi-public wifi outlets, to automatically jump onto their wifi whenever an iphone was in range.

    The idea at the time, is that the carriers were desperate to drop 3G data usage, and arranged with Apple to have iPhone hop on wifi whenever possible.
    That was some time ago, and I think that has been fixed. (Supposedly you now have to agree to it at least the first time).

    The only protection against that was to turn your wifi off.

    --
    No, you are mistaken. I've always had this sig.

    • (Score: 2) by Tork on Thursday April 23 2015, @09:31PM

      by Tork (3914) Subscriber Badge on Thursday April 23 2015, @09:31PM (#174446)
      This is exactly why I asked. When I first got my phone it would connect to AT&T and Starbucks hotspots. I eventually killed that because in most cases 4G data is much faster than the local saturated hotspot. I haven't bothered to try to bring that back because I assumed they had pre-configured a password to use. Is my assumption bad? Are they okaying me via an internal ID on my phone instead?
      --
      🏳️‍🌈 Proud Ally 🏳️‍🌈

      • (Score: 4, Interesting) by frojack on Thursday April 23 2015, @09:56PM

        by frojack (1554) on Thursday April 23 2015, @09:56PM (#174451) Journal

        These days, most Starbucks are supplied WIFI by Google, so its a whole different thing.

        But still, if you have ever log into a Starbucks it will log you into just about any Starbucks (corporate) stores. They all use the same SSID, with no security (but they usually take you to an "I Agree" page.)

        I doubt its phone specific because both my phone (non apple) and my tablet log in there as soon as I walk in.

        Same with AT&T hotspots. No security, I agree page, same SSID. (Although they also typically broadcast a "house SSID" for the establishment.

        I've told my phone to FORGET these from time to time, and from then on it no longer connects automatically, till I select Connect again. But my phone is Android, so I can't speak to Apple devices.

        --
        No, you are mistaken. I've always had this sig.

        • (Score: 0) by Anonymous Coward on Thursday April 23 2015, @11:14PM

          by Anonymous Coward on Thursday April 23 2015, @11:14PM (#174474)
          That makes sense, thank you.