Security researchers unearthed a severe zero-day vulnerability in iOS 8 that could allow a remote attacker to repeatedly crash a users’ Apple iPhone, iPod or iPad just by connecting to the WiFi network, jamming the device into a never ending bootloop (restart loop).
The attack is essentially a low-key Denial of Service (DoS) attack on iOS 8 devices by crashing individual apps and entire iPhones.
The new attack, dubbed No iOS Zone, was uncovered by security researchers Adi Sharabani and Yair Amit, of the mobile device security firm, Skycure. The duo disclosed their latest research at the RSA security conference on Tuesday.
It was shown during a live presentation that it is possible for an attacker to create a malicious WiFi hotspot disguised as an open network, forcing mobile devices to connect and then begin crashing them.
Researchers even demonstrated the No iOS Zone attack has the capability to make iOS functions freeze, causing the phone to further become unusable. It is caused by triggering a large volume of reboot requests at one time.
The No iOS Zone attack is nothing more than a Denial-of-Service attack, causing the phone to crash and become unusable just as a DoS attack against a website overloads the server turning the website offline. Causing both the device and servers to be in an unreachable state.
“Anyone can take any router and create a Wi-Fi hotspot that forces [nearby users] to connect to [attackers] network,” Sharabani said, during his No iOS Zone presentation at RSA, “and then manipulate the traffic to cause [their mobile] apps and the operating system to crash.”
So is there anyway to avoid your iPhone from becoming plagued by the attacker’s malicious hotspot? No. In short, there is no way to avoid becoming rid of the No iOS Zone attack due to your phone being in an unreachable state.
The only way to avoid the attack is to leave, or run away from the malware-laden WiFi and connect somewhere safer. Or disable your Wifi.
Another safe measure would be to avoid public WiFi networks out in the street providing free Internet access.
In a slide during the during the researchers presentation at the RSA conference, the two outlined what the attack does to your phone and who it may affect:
iOS users in range are unable to use their mobile devices:
- No WiFi, no offline work, no phone calls, no airplane mode…
Potential areas that may be attractive to attackers:
- Political Events
- Economical & business events
- Wall Street
- Governmental and military facilities
“There is nothing you can do about it other than physically running away from the attackers,” Sharabani said. “This is not a denial-of-service where you can’t use your Wi-Fi; this is a denial-of-service so you can’t use your device even in offline mode.”
To craft such an attack, an attacker needs to first create a malicious wireless network that is using Wi-Fi in order to manipulate SSL certificates sent to iOS devices. SSL certificates are used by every app and even in iOS itself, utilizing the certificate for authentication.
Once devices automatically connect to the hotspot, the attacker can automatically execute a malicious script forcing a denial-of-service, causing the iOS 8 device to crash repeatedly.
If it wasn’t already bad enough, security researchers found they could pair their SSL certificate flaw with an older exploit known as WiFiGate. While combining the two vulnerabilities, the duo found out that iOS devices are pre-programmed by their carrier to automatically connect to specific network names. For example, AT&T customers iOS devices will automatically connect to any network SSID named ‘attwifi’.
Researchers demonstrated the attack on stage and later published a video showing off the attack:
Sharabani and Amit reported their findings to Apple but have yet to hear back whether the company has released a patch for the severe flaw or not. It is also unclear if Apple will push out a security fix in their up and coming iOS 8.3.
Due to this, the researchers decided it best to not provide any additional technical details about the No iOS Zone flaw. This is to ensure iOS users are not exposed to the fatal exploit caused by the vulnerability.
It is recommended you try and disable WiFi on all iOS 8 devices when out in public to avoid the attack.