Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

New malformed Wi-Fi name bug can require iPhone factory reset to fix

Last updated

A bug in the way iOS handles Wi-Fi hotspot names is apparently worse than first thought, with one malformed SSID found to disable Wi-Fi access on an iPhone completely, requiring a factory reset to rectify it.

In June, security researcher Carl Schou discovered a personal Wi-Fi hotspot name of "%p%s%s%s%s%n" causes problems for iOS devices. It was found that iPhones simply couldn't connect to the hotspot, and in fact disabled Wi-Fi connectivity in some instances.

While that issue could be fixed by reseting the network settings within iOS, Schou has since discovered a variant along the same lines that can cause more harm to an unsuspecting iPhone. According to Schou in a tweet on Sunday, using the SSID "%secretclub%power" can disable an iOS device's Wi-Fi capabilities, with no guarantee that a network settings reset will restore connectivity.

Schou claims the iPhone used to test still didn't have Wi-Fi after repeated resets of network settings and a forced restart of the iPhone. The researcher has also contacted Apple's device security team over the matter, but has yet to hear anything back.

The original bug was believed to be an issue with input parsing, where the percentage sign could be misinterpreted by iOS as a string-format specifier, namely that characters following the symbol could be considered a variable or a command instead of plain text.

While the new SSID does jokingly promote Secret Club, a technology exploration group Schou is involved with, the use of the percentage signs followed by the characters S and P are most likely the problem areas for the hotspot name bug. Analysis of the issue confirms a format string bug is behind it, though it doesn't seem to be a highly exploitable vulnerability for a bad actor.

It is highly likely that there are many more combinations of text strings that could cause problems within iOS in this manner, but only until the bug is patched out by Apple. While the company is beta-testing iOS 14.7 and iOS 15, it is unclear if the issue will be fixed in those releases by the company.

For the moment, AppleInsider recommends users don't connect to unfamiliar Wi-Fi access points, especially if they include unusual symbols.

Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.

If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.



12 Comments

Xed 4 Years · 2896 comments

Well this is one I'm not going to test.

Useless Message Poster 5 Years · 11 comments

You guys are about a week behind on this one. 

How do you figure?  There was a post on this here last week on the first issue, and now an update that the guy found came out earlier today.  I'd say they are right on it.  Or did you know about the Secret Club version earlier than today?

mk2021 3 Years · 1 comment

I have found if my PW has similar characters, it creates an issue with Wi-Fi not working correctly on an iPod touch.

Even a factory reset has not solved the issue.

PW has also been changed.

dysamoria 12 Years · 3430 comments

Why would a router name ever be handled as anything other than a plain text string? Why is it even possible for that string to be read as some kind of format/type specifier?

Databases usually have “illegal” characters stripped, and it has, in my past experience, been extremely irritating to see which characters certain databases dislike (inconsistently), because of how it limits the human usage of said databases. There are still systems on the internet that refuse to accept modern password strength requirements (government and corporate), forcing a maximum of 8 characters for password and/or user ID. What outdated software are they running??

We generally find protection against storing illegal characters, such as in file & volume name dialogs. That same process isn’t used to limit WiFi IDs? Is there not a formalized definition for a WiFi ID’s allowable characters?

Why, in modern computing, is it still possible to break things via “unexpected” characters?

Xed 4 Years · 2896 comments

dysamoria said:
Why would a router name ever be handled as anything other than a plain text string? Why is it even possible for that string to be read as some kind of format/type specifier?

Databases usually have “illegal” characters stripped, and it has, in my past experience, been extremely irritating to see which characters certain databases dislike (inconsistently), because of how it limits the human usage of said databases. There are still systems on the internet that refuse to accept modern password strength requirements (government and corporate), forcing a maximum of 8 characters for password and/or user ID. What outdated software are they running??

We generally find protection against storing illegal characters, such as in file & volume name dialogs. That same process isn’t used to limit WiFi IDs? Is there not a formalized definition for a WiFi ID’s allowable characters?

Why, in modern computing, is it still possible to break things via “unexpected” characters?

1) My weakest passwords are with my financial institutions. Some don't even have 2FA options. It's pathetic.

2) I don't feel like Apple gives enough attention to their WiFi settings. Since the iPhone debuted it has bugged me that once I select the type of security (e.g.: WPA2) it doesn't jump back to the previous page or have a Next button, but instead makes you manually choose Back. I can't tell you how many time I tap and then wait for something to happen only to remember I have to do it. This isn't a dealbreaker, but it's just lazy and a lack of consistency when everything else works a certain way.

On macOS I waited years for them to hide all the possible SSIDs that I've never connected. A couple years ago they finally did that so many there is hope for the other. I think they did add WPA3 support at some point. Hopefully they'll do a housecleaning of WiFi in the coming months.