Posted April 24, 2015

ThreatMetrix-CafeThreatsiOS Vulnerability Discovered by Researchers Could Let an Attacker Crash Any iPad or iPhone within Range of WiFi Hotspot

Researchers discovered an iOS vulnerability that turns WiFi into Why Me!!! Now imagine you’re strolling past a WiFi hotspot without a care in the world except how to pay your monthly iPhone bill. Well no worries. The mere act of walking past the WiFi hotspot could solve that problem because, say researchers, that’s all it’ll take to turn your iPhone into a doorstop.

In his piece on gizmodo.com Chris Mills explains what the researchers discovered. The following has been excerpted from his article and edited to fit our format. You may find the complete article by clicking on this link.

A bug in iOS.8

The vulnerability takes advantage of a bug in iOS 8: namely, that by manipulating SSL certificates sent to iOS devices over a network — certificates used in virtually every app, and in iOS itself — the researchers could make iOS devices crash, in the worst-case scenario putting them into a constant boot-loop.

Not connecting doesn’t help

At first glance, the vulnerability doesn’t seem too bad: after all, in order to have those bad SSL certificates sent to you, the attacker needs control of the Wi-Fi network. So just don’t connect to random Wi-Fi hotspots, and you should be fine — or you’d think.

Have to turn off WiFi completely

The researchers combined the SSL certificate flaw with an older exploit, one they’d named WiFiGate. In short, they found that iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, AT&T customers will auto-connect to any network called ‘attwifi’. There’s no way to prevent your phone from doing this, short of turning Wi-Fi off altogether.

No way out

[The] Skycure team [i.e., the researchers who found the flaw] could create a tainted Wi-Fi hotspot, which any nearby iOS device would connect to, and then constantly crash, rendering the device useless. And, because the device is stuck in a bootloop, there’s no easy way to disable Wi-Fi, and escape the hacker’s network. [The] vulnerability can be used to render any iOS device in a certain location completely useless….

Apple working on a fix

The team is working with Apple on a fix; in the meantime, they haven’t disclosed the full details of their attack, but anyone with an iPhone is theoretically vulnerable for now.

Advice from ThreatMetrix on how to avoid the bad guys at WiFi hotspots:

In Avoid a Very Expensive Cup of Coffee: ThreatMetrix Has Tips to Stop Cybertheft When Using WiFi at Coffee Shops, Eateries and Other Public Places, Dean Weinert, ThreatMetrix product manager, cautions, “Consumers can easily access public Wi-Fi networks from just about anywhere – and so can cybercriminals. Cyberthreats are certainly a reality at local coffee shops and other wireless hotspots. If consumers don’t take extra precaution to protect their personal devices, they can unwittingly share sensitive information with cybercriminals interfering on the network.”



close btn