Jump to content

No Ios Zone


pawanism

Recommended Posts

Mobile security company Skycure revealed details about an iOS 8 vulnerability that could potentially allow an attacker to put all nearby iOS devices in an unusable state.

The company calls this bug the "No iOS Zone."

To exploit the vulnerability, an attacker would have to configure a wireless router in a specific way, and then use it to start an unprotected wireless network. Once an iOS device connects to the network, it crashes and — under certain conditions — keeps on crashing after rebooting (as seen in the video, below). Once under attack, the only way to fix the issue is to physically move away from the location of the offending wireless network.

"By generating a specially crafted SSL certificate, attackers can regenerate a bug, and cause apps that perform SSL communication to crash at will," Skycure CTO Yair Amit wrote in a blog post. "As SSL is a security best practice, and is utilized in almost all apps in the Apple app store, the attack surface is very wide."

 

 

For tech-savvy iOS users, the fix might seem simple: Set your device so that it doesn't automatically connect to unprotected networks. However, in 2013, Skycure discovered another vulnerability called WiFiGate, which makes it possible for an attacker to force a mobile device to automatically connect to a Wi-Fi network. By combining these two vulnerabilities, an attacker could create a scenario in which all iOS devices in an area immediately become useless, regardless of their wireless configuration.

While Skycure's researchers said they haven't yet seen exploits using the No iOS Zone vulnerability, users should still be careful when connecting to Wi-Fi hotspots.

"Smartphone users should take care with how they associate to Wi-Fi, especially unsecured, open access points. Attackers can carry out more subtle attacks, such as DNS poisoning and DNS hijacking, which can expose private, personally identifying information," Tod Beardsley, engineering manager at security firm Rapid7, told Mashable in a statement.

According to Skycure CTO Amit, the company has yet not publicly provided all the technical details of this vulnerability to protect iOS users from potential attacks, and is currently working with Apple on a fix. However, the latest version of iOS, 8.3, does alleviate "some" of the described issues, so users are advised to upgrade to that version as soon as possible.

Have something to add to this story? Share it in the comments.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...