iPhone bug breaks WiFi when you join hotspot with unusual name:
A new iPhone bug has come to light that breaks your iPhone's wireless functionality by merely connecting to a specific WiFi hotspot.
Once triggered, the bug would render your iPhone unable to establish a WiFi connection, even if it is rebooted or the WiFi hotspot is renamed.
A bug like this could be exploited by malicious actors planting rogue WiFi hotspots in popular areas to bork iPhone devices connecting to them.
[...] "After joining my personal WiFi with the SSID '%p%s%s%s%s%n', my iPhone permanently disabled it's WiFi functionality. Neither rebooting nor changing SSID fixes it :~)," tweeted Schou.
Schou told BleepingComputer that his experiment worked successfully on an iPhone XS, running iOS version 14.4.2.
Tests conducted by BleepingComputer on an iPhone running iOS 14.6 confirm an iPhone's wireless functionality would break after connecting to the strangely named wireless network.
[...] In multiple tests attempting to connect to this strange SSID, our Wi-Fi settings would begin to function erratically, but all led to the same behavior - the breaking of our iPhone's wireless connectivity.
In some tests, connecting to the SSID would fail, but we could no longer access our regular wireless network.
Other tests led to the behavior described by Schou, where the iPhones Wi-Fi setting would be disabled [...]
[...] The only way to fix our iPhone's broken Wi-Fi feature was to reset the device's iPhone network settings, which we describe how to do at the end of the article.
[...] According to users, the issue is unique to iPhones and does not appear to be reproducible on Android devices:
The fix outlined in the article involves resetting all your network settings back to factory defaults. It appears that any previous settings (access points, passwords, etc.) would be lost so it would be best to record them on paper beforehand.
(Score: 5, Insightful) by maxwell demon on Monday June 21 2021, @05:59PM (33 children)
If a specific name can cause the iPhone's WLAN to malfunction, that raises questions if another, maliciously crafted SSID name might do more harmful things to your iPhone.
If some external name causes issues, you know for sure that someone didn't properly sanitize their input.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 4, Interesting) by Tork on Monday June 21 2021, @06:05PM (1 child)
I'm having trouble finding out if this really affects people, though. They keep saying 'join the network' but I haven't been able to determine if setting your phone to join hotspots automatically causes this as well. In which case... shame on Apple AND stupid users.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by Tork on Monday June 21 2021, @06:09PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 4, Insightful) by FatPhil on Monday June 21 2021, @06:08PM (13 children)
Had the OS been open source, we could have analysed the bug to know which coding incompetence Apple or their subcontractors are guilty of, but it's not, so we have to just imagine that they're probably capable of all of the errors it's likely to be, in the absence of evidence to the contrary.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 4, Interesting) by RS3 on Monday June 21 2021, @06:37PM (7 children)
I would LOVE to see the code error to learn from it. There are many ways this could have happened. Sanitizing input only goes so far. Well, it depends on your definition of "sanitize", meaning, you still have to properly handle all possibilities within the range of now sanitized inputs.
One place I worked: significantly important medical diagnostic machines. Standard keyboard with some keys relabeled. I accidentally pressed an invalid key on a demo machine and the software locked up. Main coder dude said "why would anyone ever do that?" Seriously. And it was simply a "switch" "case" statement (C code) with no "default". Not kidding. And a "default" case would have solved it. Problem: political structure did not allow for any code review. Coder dude reported directly to company president, who was engineering genius, but did not know coding at all.
(Score: 5, Funny) by FatPhil on Monday June 21 2021, @06:52PM (1 child)
However, the company was retarded for not having coding standards (e.g. all switches must have a default, or all parameters must be checked that they're in range, both would catch something that dumb), code review to ensure things meet standards or just for general QC, and apparently no adversarial/fuzz testing.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Interesting) by RS3 on Monday June 21 2021, @11:58PM
Agreed on all points. He was pretty arrogant, jerk, etc. Fiercely private with his source code, very defensive about pretty much anything. To be fair, he came across as a nice guy, and was pretty much so outside of work.
You'd be amazed at how loose things were. NOT life support systems, nor critical/intensive care, but could be, but again, not life support.
You'd think FDA or someone would do those tests.
That company didn't start out in coding, but kind of fell into it as systems became computerized. You'd wish FDA or someone would establish coding standards, practices, etc., including code review, some minimum testing, something akin to fuzzing (like me pressing random keys! Let's call it "monkey testing". :)
(Score: 4, Insightful) by Anonymous Coward on Monday June 21 2021, @10:29PM (1 child)
The entire concept of sanitized input is invalid. (I am aware that the code running the forum on which I am writing this attempts to do just that).
You can take user input and treat it literally.
You can perform transformations on it, like converting embedded format strings into actual formatting, so long as the distinction between the untrusted input and the trusted code is clear. No calling sprintf where the string being processed can be specified by the user (which seems to be what they did here).
You can even scan it and look for useful information in it, subject to the same caveat.
You cannot run it through some magic process that converts untrusted input into trusted input. Often, you can't even know what "trusted" means, because you never know who will try to interpret your data or how, and if they think it's safe because you thought it was safe, things will slip through the cracks.
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @11:16AM
Sure you can. You do that ALL THE TIME. You verify that the input is a valid input and then it becomes valid.
untrusted = "42";
val = strtol(untrusted, &ptr, 10);
if (*ptr != '\x0' || val <= 0 || val > 100)
exit(1);
// valid positive input less than or equal to 100
PS: Maybe the CODE element should escape > and < instead of having to type HTLM entities?
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @12:32AM (2 children)
There are cases where you don't need a default - if it doesn't match one of a particular number of values, just fall through.
(Score: 2) by RS3 on Tuesday June 22 2021, @04:59AM
Yes, absolutely, but in this idiot's code, the fall through caused lockup. Probably because it fell into the handler for the first case, but that code didn't get called with the proper parameter, or who knows what with this guy's code...
(Score: 2) by FatPhil on Tuesday June 22 2021, @06:11AM
/* Otherwise - do nothing */
or, better:
default:
/* There's nothing to do in these other cases */
break;
Neither causes any bloat of the compiled code size.
The inspector of the code should be able to answer the question "can we be sure the coder considered the other cases?" simply by looking at the code itself. If not, then you can't be sure the coder considered the other cases. Why do you prefer to leave that issue hanging.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: -1, Troll) by Anonymous Coward on Monday June 21 2021, @06:55PM (4 children)
Yeah, right. The same purple-haired Judeo-Globalist trannies are coding both OSX and "open source" operating systems with input from their sometimes-competing sometimes-cooperating corporate masters -- and those goddamn faggots are trying to pozz Linux with their Judeo-Globalist Rust abomination. "Open source" is no longer a magic bullet for innovation and against bad code -- the Linux development culture is, for example, more pozzed than even Microsoft's. Unless you're talking about using a locked-down free or open BSD that won't do shit, or using TempleOS that won't do shit.
Things can change for the better once woke bullshit and cancel culture die off along with BLM and Antifa, but Soros and his Jew-run crime syndicates want to own everything and as long as Jews will take money for any reason, the battle against Judeo-Globalism will be a slow one but America will win it. Can't say the same thing about Canada or Europe, though. They appear to be thoroughly fucked!
(Score: 5, Insightful) by maxwell demon on Monday June 21 2021, @07:22PM (2 children)
Your whole comment is a huge non-sequitur.
If code is open source, we can look at the source code, by definition, and thus analyse it. For that it is completely irrelevant whether the code was written by a competent or incompetent programmer, whether it was put together by a left-wing or right-wing organization, whether it was written by Christians, Jews, Muslims, Sikh, Satanists, or Pastafari. Even if the code was written by Vogons, as long as it is open source, you can analyse it.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 4, Insightful) by shortscreen on Monday June 21 2021, @08:35PM
You can analyze it even without looking at the source. Sometimes the disassembly is easier to read anyway.
(Score: 3, Interesting) by hendrikboom on Tuesday June 22 2021, @12:43PM
I have a friend who once discovered he could get his word processor to edit code properly by telling the word processor it was poetry.
If written by Vogons, it may be impossible to review without significant damage to the reviewer.
(Score: 0, Funny) by Anonymous Coward on Tuesday June 22 2021, @12:38AM
From all the times I see this repeated, it sounds like the purple haired trannies are writing most of the software out there. And you're angry they're stealing all the jobs.
Maybe it's time for you to listen to "Where's the Dress", dye your hair purple, and try to pass as trans.
(Score: 4, Insightful) by DannyB on Monday June 21 2021, @06:08PM (14 children)
You are right.
The real lesson here is that iPhone users should only connect to Genuine™ Apple® brand WiFi hotspots. Just like how you should not side load apps. Stay inside the
prison campwalled garden because bad things.To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 4, Insightful) by Tork on Monday June 21 2021, @06:15PM (11 children)
You should get your Apple news from somewhere other than Slashdot. Here, I'll translate your joke into Android:
"The real lesson here is that Android users should purchase the next expensive phone (with a specific carrier) that supports a recent enough version of Android to have a fix for this vulnerability!"
Stupid when you're better informed, right?
🏳️🌈 Proud Ally 🏳️🌈
(Score: 5, Insightful) by DannyB on Monday June 21 2021, @06:39PM (7 children)
It works both ways. Haven't been to slashdot for a long time. I was given an iPhone in about 2009 by a friend to develop something, but couldn't use it because I couldn't develop for it on Linux. With Android, I could develop on any platform, choice of dev tools, and didn't need permission to sideload my own app on my own hardware.
I've had Android since 2010. I have yet to have malware. I have written and sideloaded apps. (my own 'asteroids' and 'breakout' games)
It's funny that my last two Android (eg Google brand) phones would work on any carrier. I'll never go back to buying a phone from a carrier, or any phone that only works on one carrier. Or that is preloaded with unwanted apps.
Also: I once was a card carrying Apple fanboy and long time developer for classic Mac and would bleed in six colors.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 1, Redundant) by Tork on Monday June 21 2021, @06:43PM (5 children)
There's plenty of legit things to bitch about, hell you just now rattled off a couple, you don't need to make shit up.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by DannyB on Monday June 21 2021, @07:03PM (4 children)
It is true that jokes are better if they are about real things that people relate to. And Android is definitely not without its problems. Or more specifically Google is not without its problems. Products that come and go. Or are separated. Or combined. Now Hangouts is going away but it's functionality is merged in to Gmail. (There must be some anticompetitive angle to this.)
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Interesting) by Tork on Monday June 21 2021, @07:15PM (3 children)
And you prolly didn't wanna hear all this, I'm sorry, you accidently brushed up against a sore spot for me and I'm prone to irrational rants sometimes. :D Sorry.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 1, Funny) by Anonymous Coward on Monday June 21 2021, @08:55PM
as long as that sore spot is not spelled with %'s DannyB should be fine, but maybe you should both get tested to be sure.
(Score: 0) by Anonymous Coward on Monday June 21 2021, @10:41PM (1 child)
> Oh and that email I had open?
Whenever I do anything in Gmail other than just email, I always open a new tab on the same account (like right click on "Inbox", open in new tab) and start things like Calendar or Voice from there. The original Gmail window with whatever I was doing still works normally.
(Score: 2) by Tork on Monday June 21 2021, @10:51PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2, Interesting) by Anonymous Coward on Tuesday June 22 2021, @12:50AM
Carrier locked phones went the way of the three-year phone contract - and even carrier-locked phones could be unlocked at the end of the contract (or earlier, if you oaid the outstanding loan portion of your contract).
Apple isn't perfect, but Android privacy is broken by design - Google's design. After all, their primary business is collecting and selling your personal info.
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @05:33AM (1 child)
Sucks to be you with your specific carrier phones. Not everyone in the world suffers from shit like that.
Stupid when you're better informed, right?
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @05:48AM
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @11:18AM
Here, I'll translate it for you,
The real lesson here is that Android users should purchase Android One phones only to have a fix for this vulnerability!"
(Score: 4, Funny) by captain normal on Monday June 21 2021, @06:37PM (1 child)
Plus you have to hold it right at the same time.
When life isn't going right, go left.
(Score: 2) by DannyB on Monday June 21 2021, @09:44PM
I think I remember them saying this back in sex education. But it wasn't in the lecture, if I remember correctly, it was in the lab.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Informative) by shrewdsheep on Monday June 21 2021, @08:25PM
While true on general grounds, these bugs can be quite subtle. I guess that Apple follows industry standards and code is signed off by a peer after review. This would prevent a bug not quoting the SSID properly when used for interpolation (aka sanitizing). My guess is the SSID will be quoted properly when interpolated first, into another string. Probably that string gets gets stored in a variable with an innocuous sounding name and being assumed a properly sanitized string, which is not the case as one round of interpolation already took place. When it gets interpolated once more shit hits the fan.
I have done a lot of parsing/unparsing code and can assure you that proper quoting gets into your DNA. The bugs hide in the proper *level* of quoting and you have to make it a habit to always write down the complete interpolation in a string you can see in full, i.e. never build a string you want to interpolated via concatenation. Recursive interpolation is a taboo.
LTS anyone?
(Score: 2) by driverless on Tuesday June 22 2021, @05:52AM
The fact that there's a %n in that exploit, meaning a memory-write capability, indicates you can do more than just b0rk the WiFi with it...
(Score: 0) by Anonymous Coward on Monday June 21 2021, @06:13PM (4 children)
<sarcasm>
Oh no... whosoever would do this? Please... no... stop... don't...
</sarcasm>
(Score: 2) by DannyB on Monday June 21 2021, @06:40PM
Back in the day, exploiting something like this would be very expensive because it would require a computer which was very expensive. Now it could be done with cheap disposable microcontrollers.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Monday June 21 2021, @10:43PM
> malicious actors
Hey, where's the equal time? malicious actresses (and the xx other genders) need some love too!
(Score: 0) by Anonymous Coward on Monday June 21 2021, @11:26PM (1 child)
An excursion to the local mall, with a fully charged laptop, may be coming up...
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @12:53AM
(Score: 5, Funny) by Anonymous Coward on Monday June 21 2021, @06:40PM (9 children)
"You're naming your WiFi hotspot wrong" -Tim Cook
(Score: -1, Troll) by Anonymous Coward on Monday June 21 2021, @06:46PM (7 children)
"You're naming your WIFI hotspot wrong." -Internet Moron With a Reading Comprehension Problem
(Score: 2, Flamebait) by Booga1 on Monday June 21 2021, @07:48PM (6 children)
Someone has forgotten Apple's solution for iPhone reception problems was telling their customers "You're holding it wrong."
https://www.wired.com/2010/06/iphone-4-holding-it-wrong/ [wired.com]
(Score: 1, Informative) by Anonymous Coward on Monday June 21 2021, @07:59PM (5 children)
Here's what Steve actually said: "Just avoid holding it in that way...."
So in light of that correction that shouldn't need to have been corrected, let's look at my post again:
Makes more sense now after being informed, duddn't it? Wanna talk about 640k next?
(Score: 0) by Anonymous Coward on Monday June 21 2021, @08:31PM (3 children)
You're getting way too butthurt and over analizing a joke. "You're holding it wrong" and "just avoild holding it in that way" are functionally identical.
Apple has a history of blaming the users for their design flaws. This is just another example of how Apple doesn't give a shit about their users.
What is it that compels you to leap to correct this monstrous injustice that besmirches the fair name of Apple? It's really weird how people lash out to defend a company from a joke!
(Score: 0) by Anonymous Coward on Monday June 21 2021, @08:33PM (2 children)
Then you have absolutely no reason to misquote him. Thanks for playing!
(Score: 1, Funny) by Anonymous Coward on Monday June 21 2021, @09:02PM (1 child)
these are nowhere near functionally the same. i hope you are not a coder.
the first calls for introspection, where the latter advises exception.
(Score: 0) by Anonymous Coward on Monday June 21 2021, @09:11PM
(Score: 1, Funny) by Anonymous Coward on Monday June 21 2021, @08:36PM
No, how about the topic of seeing Russia from one's own house instead?
(Score: 2) by SomeGuy on Tuesday June 22 2021, @12:59AM
"Get a real computer!" - SomeGuy, saying to Mac users since 1984 :P
(Score: 5, Funny) by Anonymous Coward on Monday June 21 2021, @08:44PM (1 child)
Thank you for informing me of a mechanism to prevent iDevices from connecting to my networks. I greatly appreciate it.
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @02:25AM
(Score: 3, Insightful) by Anonymous Coward on Monday June 21 2021, @09:07PM (8 children)
If you're trying to "sanitize" input like that, you're doing it wrong. It's like web monkeys who try to "sanitize" user input so they can concatenate it on to some partial SQL statement and end up with injection attacks.
If it's a valid SSID, the phone should handle it properly and use it as-is. If it's not, then the phone should reject it. In no case should it be trying to parse/interpret it.
(Score: 2) by Tork on Monday June 21 2021, @09:58PM (1 child)
🏳️🌈 Proud Ally 🏳️🌈
(Score: 1, Informative) by Anonymous Coward on Tuesday June 22 2021, @07:40AM
The problem with "sanitizing" inputs is that your are often trying to protect yourself from unknown attacks on arbitrary input. Unless you have a fixed set of input properties and a clear picture of what you are protecting yourself from, it is very easy to end up with a false sense of security while trashing valid user input at the same time. One common example is someone writing a website follows the advice of "how to sanitize input" and uses parameterized queries or mysql_real_escape_string but leaving themselves wide open to XSS. Or you sanitize early, but then you cannot round trip to the original or leave yourself open to attacks that way. Another is % escaping but your code uses format() calls, and what do you know but that comment has "${}" or "{}" in it. Mangling input can result in "Conan OBrien" or "&amp;" that I'm sure you have seen before as well as opening you up to attacks if you do it improperly.
The correct approach is to keep the data as raw as possible for as long as possible. If you must validate input, reject input that doesn't meet your requirements before any other step. On the other side, escape and filter user input as late as possible and only combine it with untainted data immediately before outputting it.
(Score: 3, Interesting) by Anonymous Coward on Tuesday June 22 2021, @12:41AM (1 child)
An SSID is a 32byte binary entity. Systems assuming it is always a printable string are just begging for it. If you want a private network, just have the SSID contain a null byte in the middle, and watch how many implementations truncate the SSID and thus attempt to join a different network. Line feed is a fun one to mess up UIs with too.
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @10:25AM
You can also have real fun with Unicode as well. Even more fun if you mess around with the UTF-8 flag at the same time. The same SSID can give different results with different flag values.
(Score: 1, Touché) by Anonymous Coward on Tuesday June 22 2021, @12:46AM (3 children)
You must be a web designer.
Lower lever operations are not magic. 'The phone handling it properly' involves code. Probably in C.
(Score: 0) by Anonymous Coward on Tuesday June 22 2021, @10:50AM (2 children)
(GP poster here)
Actually, I've been programming primarily in C since 1980.
This looks like a ASCII vs UTF-8 bug. I would be very surprised if Apple's low-level library conversion code was to blame, since a bug at that level would show up all over the place.
One of two things happened: Either a programmer decided to "roll his own" ASCII to UTF-8 parser (and got it wrong), or he used one of the printf/scanf functions wrong (assuming it was written in C).
Either way, the problem was the programmer doing invalid parsing of the input.
(Score: 0) by Anonymous Coward on Wednesday June 23 2021, @01:11AM (1 child)
As the other AC above points out "An SSID is a 32byte binary entity.". WTF would you ever convert to UTF or anything else? Just treat it as 32 bytes. The most you should ever do would be to show it as 16 hexadecimal digits, and that would be display only, you would never use it.
(Score: 0) by Anonymous Coward on Wednesday June 23 2021, @04:33AM
The standard actually provides for multiple SSID types. The main two are the opaque octets and UTF-8. Even the opaque octets are suggested to be displayed as ASCII if all the characters are printable.
(Score: 3, Funny) by TheGratefulNet on Tuesday June 22 2021, @01:57AM (1 child)
damn shame: apple applies sprintf() to ssid fields
I never thought of that. amaz
NO CARRIER
>_
"It is now safe to switch off your computer."
(Score: 3, Funny) by Tork on Tuesday June 22 2021, @04:24AM
Apple joke ruined by the Windows sig. Heh.
🏳️🌈 Proud Ally 🏳️🌈