Security researchers have uncovered a vulnerability with iOS 8 which allows evil attackers to crash and reboot any iPhones, iPads or iPods in their vicinity.
The “No iOS Zone” bug was uncovered by Adi Sharabani and Yair Amit of mobile security firm Skycure, who recently presented their findings to the RSA security conference in San Francisco.
A malicious user could apparently set up a wireless hotspot which susceptible iOS devices would then automatically connect to when in range. This evil hotspot of doom could then knock the iPhone or iPad offline entirely, triggering crashes and reboots at will – and the only thing an affected person can do to rescue their device is run far away.
Unlike many other exploits, which only affect the network capabilities of a device, “No iOS Zone” could ostensibly render any iOS 8 device unusable, even in offline mode.
The damage is done by manipulating the SSL certificates which are sent to the device over the dodgy Wi-Fi connection. Specially generated certificates would allow an attacker to hit any app which performs SSL communication, which is unfortunately virtually every app in the Apple App Store, forcing it to crash and die. With enough pressure on installed apps, the whole operating system can be forced to crash too and in extreme circumstances an iPhone or iPad can even be forced into a reboot cycle, rendering them totally unusable.
Sharabani and Amit have reported the bug to Apple, who are reportedly working hard to come up with a fix but the pair have said that users should take a little care with their devices until a fix is rolled out.
If you find your device crashing or rebooting without good reason you should try and disconnect from the Wi-Fi connection you’re on. Failing that, pull up your trouser legs and get the heck out of your local area.
Leave a Reply