Fancy being in, say, an internet café or hooked up to some form of wireless hotspot, and then having your iOS device repeatedly crashed – over, and over, and over. Nope? We thought not, but sadly, a newly uncovered serious zero-day vulnerability in iOS 8 allows exactly this to happen.
The flaw, which goes by the name of ‘No iOS Zone’, can be exploited by a malicious Wi-Fi hotspot to crash iPads and iPhones running iOS 8, and indeed as mentioned, under “certain conditions” it can be used to fire off repeated crashes that essentially make Apple devices unusable.
The Register spotted that the details of this flaw were shared at the RSA conference by Adi Sharabani and Yair Amit, both the co-founders of mobile security startup Skycure.
Sharabani told the RSA conference: “Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash.”
And the only solution to avoid such a malicious attack? Basically, all you can do is move out of range of said wireless hotspot.
How does the attack work exactly? It’s described as an “SSL certificate parsing vulnerability”, but Skycure doesn’t reveal much in the way of details for obvious reasons – Apple hasn’t fully fixed the flaw yet.
Amit wrote: “We’ve reported the issue to Apple per our responsible disclosure process. As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability.”
So for now, if you do encounter this issue, is there anything that can be done? As mentioned, you can simply disconnect from the bad Wi-Fi network by moving away from it – and indeed, in general, Skycure notes that you should avoid connecting to any suspicious seeming “free” Wi-Fi network, anyway.
The latest update to iOS 8.3 may have fixed some of the threats Skycure pointed out, too, so iDevice users are advised to update to this latest version – running the most up to date version of an OS is good security practice to dodge any potential vulnerabilities out there, of course.
It sounds like you’d be fairly unlucky to encounter this flaw in the wild, though – and hopefully Cupertino will patch any remaining issues with it in short order.