Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Researchers leverage SSL bug to crash Apple devices over Wi-Fi in 'No iOS Zone' attack

A bug in iOS's secure sockets layer (SSL) library could allow an attacker to force apps —  or in some cases, the entire device —  to crash if users connect to a malicious Wi-Fi hotspot, security researchers demonstrated this week.

The attack, discovered by Skycure researchers Yair Amit and Adi Sharabani, takes advantage of an issue with iOS's parsing of SSL certificates. By sending a specially-crafted certificate to a device via a Wi-Fi hotspot, the duo was able to repeatedly crash both individual apps and iOS itself.

A modified version of the attack was able to induce a perpetual reboot cycle, effectively rendering an iPhone useless as long as it was in range of the affected hotspot.

Amit and Sharabani have reported the issue to Apple, and say they are working with the company on a fix. Some of the root causes may have already been addressed in iOS 8.3, and users are urged to update if possible.

SSL is a foundational cryptographic technology that underpins many secure network communications techniques, but its age has begun to show in recent years. The infamous "gotofail" bug grew from a vulnerability in Apple's SSL library, and the company recently ended support for SSL 3.0 after that version —  the most recent —  was found vulnerable to attack.



18 Comments

markbyrn 14 Years · 662 comments

Let's develop a probable scenario for this grave problem. Some Apple hating Android lover who has skillz to implement this obscure exploit sets up a free WiFi hotspot to entice iOS users and than trolls them by crashing their devices. Tim Cook, fix this now!

adrayven 12 Years · 460 comments

Most public WiFi has device isolation security on.. so this is basically meaningless. Goto Starbucks or any free WiFi, you cannot communicate with any other system on the same wifi. This is the most useless 'bug' I've seen yet. lol

bobjohnson 10 Years · 154 comments

Quote:
Originally Posted by Adrayven 

Most public WiFi has device isolation security on.. so this is basically meaningless. Goto Starbucks or any free WiFi, you cannot communicate with any other system on the same wifi.

This is the most useless 'bug' I've seen yet. lol

 

How about instead of doing that, I bring my own hotspot to Starbucks and spoof the SSID of the real network. People unknowingly connect to my hotspot rather than the legitimate one, and I send their iPhones and iPads into reboot spasms.

 

Have some imagination...

libdem 12 Years · 36 comments


"Obscure" bug.Are you high man? know it was 4/20 but jeez....Anyway good job  researchers for exposing the vulnerability. Better them than some Apple apologizing tick.

auxio 19 Years · 2766 comments

I'll keep a WiFi jammer handy in case anyone tries this on me.

 

If I'm in a really bad mood, I'll harvest the hardware information about their hotspot, search for known vulnerabilities (almost all cheap hardware has them), and reconfigure their hotspot.  Then I'll use it to bombard NSA email accounts with terrorism-related text.

 

But anyways, definitely something Apple needs to fix.  Given all of the SSL-related exploits lately, it sounds like they should have people audit the whole SSL stack.