Researchers have used a bug in the iOS secure sockets layer (SSL) library to cause both iOS apps, as well as the devices themselves, to crash when connected to a malicious Wi-Fi hotspot.
The attack, discovered by Skycure researchers Yair Amit and Adi Sharabani, takes advantage of an issue with iOS’s parsing of SSL certificates. By sending a specially-crafted certificate to a device via a Wi-Fi hotspot, the duo was able to repeatedly crash both individual apps and iOS itself.
A modified version of the attack was able to put an iOS device into a perpetual reboot cycle for as long as the device was in range of the malicious hotspot.
Reserchers were able to force the devices to connect to the malicious hotspot, using an older exploit known as WifiGate:
iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, US customers on the AT&T network will auto-connect to any network called ‘attwifi’. There’s no way to prevent your phone from doing this, short of turning Wi-Fi off altogether. – Gizmodo, via 9to5Mac
The researchers have declined to reveal the exact details of their attack method, and contacted Apple about the issue, and are reported to be working with the company on a fix.
Researchers suggest the following until a fix is developed: