No iOS zone Wi-Fi hack can crash all iPhones and iPads


A security bug has been found in iOS 8 which potentially leaves all iPhones and ipads open to denial of service attacks once they are connected to a Wi-Fi network.

The vulnerability, which is known as No iOS Zone was unveiled by Yair Amit and Adi Sharabani from the mobile security firm Skycure at the RSA conference in San Francisco.

It was revealed that the vulnerability allows hackers to repeatedly crash and reboot any iPhone or iPad connected to a wireless network by manipulating SSL certificates which are used to ensure a secure connection.

Whilst the No iOS Zone vulnerability is unable to let hackers access any personal or critical information from the device, it could be used by hackers to mimic a public Wi-Fi network, such those found at airports, train stations or wherever there is a large amount of people trying to access the same wireless network.

The only way to prevent a device running iOS 8 from falling victim to the vulnerability is to either turn off the device completely or move out or range of the wireless network.

In a post to the Skycure blog, the researchers wrote: “As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”

“With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless.

“Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state as shown in the video.”

The team at Skycure go onto say that if No iOS Zone was used along with another vulnerability known as “Wi-Figate”, which allows hackers to automatically connect a device to a Wi-Fi network, then the results could potentially be very damaging.

“Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.”

The Skycure researchers say they have informed Apple of the vulnerability and will not reveal any more technical details regarding No iOS Zone until the company has released a security patch to fix the vulnerability.

The video below apparently shows the No iOS Zone vulnerability in action.

Source: Skycure


Comments are closed.