Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Bug in iOS can break iPhone Wi-Fi using rogue hotspot name

Last updated

A bug has been discovered in iOS that can disable an iPhone's ability to connect to Wi-Fi hotspots, if it attempts to initially connect to a hotspot with a specific name that breaks the function.

Security researcher Carl Schou gave a personal Wi-Fi hotspot a name of "%p%s%s%s%s%n." On trying to connect to the hotspot, Schou discovered the iPhone simply couldn't connect to it at all, and later discovered that it disabled Wi-Fi connectivity completely on the device.

Attempts to connect to other hotspots failed, with the issue continuing to mainifest after changing the hotspot's SSID and rebooting the iPhone, according to BleepingComputer. The issue was also confirmed by others testing out the same SSID name separately.

Tests also point to it being a problem just with iPhones, as Android devices appear to connect to the unusually-named access point without issue.

Other researchers examining the phenomena believe it is an issue with input parsing, in that the percentage sign at the start may be misinterpreted by iOS as a string-format specifier, in that characters following may be a variable or a command rather than plain text.

To fix the problem on affected iPhones, users have to reset their iOS network settings.

How to reset network settings in iOS

  • Open Settings
  • Select General then Reset
  • Select Reset Network Settings
  • Confirm the request.
  • Once the iPhone has restarted, set up your Wi-Fi as normal.

The discovery is reminiscent of text messages that contained strings and special characters that could cause problems for iPhones and iPads. For example, April's "text bomb" forced iPhones to crash if a flag emoji and a specific Sindhi language character were viewed in an incoming notification.

Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.

If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.

AppleInsider is also bringing you the best Apple-related deals for Amazon Prime Day 2021. There are bargains before, during, and even after Prime Day on June 21 and 22 — with every deal at your fingertips throughout the event.



11 Comments

techrider 13 Years · 102 comments

I wonder what would inspire a researcher to come up with ‘let’s try 

%p%s%s%s%s%n‘?

3 Likes · 0 Dislikes
davidw 18 Years · 2127 comments

techrider said:
I wonder what would inspire a researcher to come up with ‘let’s try %p%s%s%s%s%n‘?

It seems that "%p%s%s%s%s%n" was the actual name of a WiFi hotspot he set up. Not something he randomly entered into his iPhone, on the whim. And it would seem that any WiFi name that starts with a "%" would have triggered the bug. So he would had gotten the same result with something like "%MyHotspot"

What i'm wondering is whether the WiFi name showed up under the list of WiFi available to join or did he have to manually enter that WiFi name under "join other network"?  If I set up a WiFi network named "%FreeWiFi", would it disable the iPhone  WiFi of unsuspecting iPhone users that tried to join because they were tempted by the name to select it from the list of available WiFi networks in the area?  

1 Like · 0 Dislikes
JustSomeGuy1 7 Years · 330 comments

I'm surprised this isn't attracting more attention. This is an awful bug, and quite possibly a privilege escalation vulnerability, once someone figures out how to use it.
The article calls it a "strong-format" specifier. It's really a "string format" specifier, and the fact that this bug exists at all is just a terrible failure. It means the code isn't doing input sanitization on WiFi names. The fact that it crashes WiFi until network settings are reset likely means that it's causing an overflow that trashes the plist. (Similar problems have existed in MacOS in years past, though due to other causes.) There may be memory corruption as well.

2 Likes · 0 Dislikes
elijahg 19 Years · 2854 comments

lkrupp said:
Yaaawnn...

Why is this "yaaawnn"? Think Apple bugs shouldn't be reported because it makes them look bad or some crap? If this was an Android or Windows bug no doubt you'd be "HAHA shit Google/MS programmers!!" Some apologists here really are insufferable.

1 Like · 0 Dislikes