No iOS Zone: iPhone security flaw can crash smartphone when connecting to Wi-Fi
Security researchers show how a vulnerability in iOS 8 leaves iPhones and iPads open to denial of service attacks simply by connecting to Wi-Fi.
The vulnerability, known as No iOS Zone and unveiled at the RSA conference in San Francisco by Adi Sharabani and Yair Amit from Skycure, will allow hackers to crash any iPhone or iPad which connects to a wireless network which has been designed to mimic hotspots from your mobile phone network.
iPhones and iPads sold by mobile phone networks are often set-up to automatically connect to wireless hotspots which offer their customers free access at public locations such as trains stations, shopping centres or city centre locations.
If however a malicious actor set up a wireless network which mimicked the name of these networks then your iPhone or iPad would automatically connect using another vulnerability which the same researchers discovered in 2013 called WiFiGate
SSL certificates
The vulnerability allows the hackers to manipulate SSL certificates - which are used by almost every single app on Apple's App Store - and send them over Wi-Fi to the victim, causing the iPhone or iPad to crash and reboot.
The exploit only works on devices running iOS 8 - the latest version of Apple's mobile operating system - and will only work on devices pre-configured to automatically connect to certain wireless networks.
The only way of preventing this from happening is to turn off Wi-Fi altogether.
The attack's effects are limited to crashing connected iPhones and iPads, with attackers not able to access any critical information from your device.
However this type of attack could be used at events such as protests, concerts, marches and other event where a lot of people will be looking to connect to wireless networks and cause a lot of confusion.
Sharabani and Amit say they are working with Apple to develop a fix for the vulnerability which means we could see it rolled out as part of the the iOS 9 update later this year.
© Copyright IBTimes 2024. All rights reserved.