Over the course of its existence, iOS has had no shortage of bugs and vulnerabilities that unsavory characters have exploited to attack owners of iPhones and iPads. Today, a new security flaw in iOS 8 has been disclosed that attackers can use to crash any iDevice within WiFi range.
During the RSA security conference in San Francisco earlier today, a security firm called Skycure presented an iOS vulnerability called ‘No iOS Zone’. Basically, this vulnerability in iOS 8 enables attackers to crash any iPhone or iPad within range of a WiFi hotspot. Devices are vulnerable regardless of whether they’re deliberately connected or not.
The vulnerability takes advantage of a bug in iOS 8: namely, that by manipulating SSL certificates sent to iOS devices over a network — certificates used in virtually every app, and in iOS itself — the researchers could make iOS devices crash, in the worst-case scenario putting them into a constant boot-loop.
That doesn’t seem so bad, right? You can just avoid connecting to some random WiFi hotspot and you’ll be fine. Well, not really. As the security researchers discovered, iOS devices are pre-programmed by network carriers to automatically connect to certain WiFi networks. For example, AT&T subscribers are automatically connected to any network that’s labeled ‘attwifi’. Again, your iDevice does this automatically, and it can only be prevented by disabling WiFi altogether.
The end result is that the Skycure team could create a tainted Wi-Fi hotspot, which any nearby iOS device would connect to, and then constantly crash, rendering the device useless. And, because the device is stuck in a bootloop, there’s no easy way to disable Wi-Fi, and escape the hacker’s network.
The security firm hasn’t disclosed the full details on how to perform the attack. However, it’s said that anyone with an iPhone, iPad or iPod touch is vulnerable for now. The team is now working with Apple to fix this iOS 8 security flaw. Consider this a reminder to refrain from connecting to shady / unfamiliar WiFi networks. [via Gizmodo]