Researchers have proven that it’s possible for attackers to crash any iPhone or iPad over Wi-Fi, thanks to a bug in iOS 8. In some cases, devices can be forced into a boot-loop, rendering them unusable.
The vulnerability was demonstrated at the RSA security conference in San Francisco this week by security research firm Skycure. Dubbed “No iOS Zone,†the hack can be carried out on almost any iOS device running iOS 8, but iPhones are more vulnerable.
The attack is carried out by manipulating SSL certificates — which are used by virtually every iOS app — and then sending them to an iPhone or iPad over Wi-Fi. And in some cases, only disabling Wi-Fi on your device can avoid it.
You’d think that as long as you didn’t connect to untrusted Wi-Fi networks, you would be okay. But the problem is, most iPhones are programmed to connect to certain hotspots automatically.
For instance, devices connected to AT&T will automatically connect to hotspots named “attwifi,†and unless you disable Wi-FI on your device, there’s no way to prevent that.
“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,†Skycure told attendees at RSA.
“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode.â€
The good news is, the worst thing the attackers can do is force your device into a boot-loop. They cannot gain access to your device or steal your data using this hack, so it’s really nothing more than a hugely annoying prank.
[via Gizmodo]
