
iOS WiFi Bug Allows Remote Reboot of All Devices In Area

New submitter BronsCon writes: A recently disclosed flaw in iOS 8 dubbed "No iOS Zone" allows an attacker to create a WiFi hot spot that will cause iOS devices to become unstable, crash, and reboot, even when in offline mode. Adi Sharabani and Yair Amit of Skycure are working with Apple for a fix; but, for now, the only workaround is to simply not be in range of such a malicious network.
This discussion has been archived. No new comments can be posted.

  • by jfdavis668 ( 1414919 ) on Thursday April 23, 2015 @01:29PM (#49539291)
    So I can get a seat at my local coffee house.
  • by TWX ( 665546 ) on Thursday April 23, 2015 @01:31PM (#49539319)
    ...of Microsoft-free Fridays?
  • by fustakrakich ( 1673220 ) on Thursday April 23, 2015 @01:36PM (#49539377) Journal

    Exactly how does that work if the wifi is turned off?

    • by Anonymous Coward on Thursday April 23, 2015 @01:47PM (#49539465)

      You're turning WiFi off wrong.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      From what I got from the pdf of their presentation, as long as you are in range of the attacker's network, you won't be able to switch to offline mode before iOS crashes and reboots. You'll have to physically move out of range of the network before you go into offline mode. Of course, if you are in offline mode to begin with when you are in range of the attacker's network, you won't be affected until you turn on your wifi.

      • iOS won't attempt to join a Wi-Fi network until you enter your passcode. Seems like a good protection against this would be to have a passcode and control panel enabled from the lock screen.

        Phone boots up after crashing; DON'T unlock it, just swipe up the control center, turn off Wifi, then unlock.

        • This attack doesn't seem to require joining the network in any way.
          A simple wifi scan will do it which would still be occurring whilst locked.

    • by Anubis IV ( 1279820 ) on Thursday April 23, 2015 @02:03PM (#49539639)

      I was curious as well, so I read through their presentation slides [rsaconference.com] and their press release [skycure.com].

      The gist of the attack is that they've crafted a malicious SSL cert that can cause strange behavior in apps and the OS itself, including the possibility of initiating a crash-reboot-get malicious SSL cert-crash cycle. Once you get stuck in that cycle, there's no way to turn off WiFi, hence why they said that offline mode would not remedy the issue. That said, offline mode can indeed keep you from getting stuck in that cycle to begin with, and the researchers even recommended it as one of the ways to avoid the problem entirely. Alternatively, if it's already too late for you and you're in the crash loop, simply leaving the area will fix the issue for you, since you'll be able to pull down valid SSL certs and reboot as normal.

      Which is to say, the summary has it wrong, since the attack cannot cause you to enter the crash loop while you're in offline mode, but you won't be able to enter offline mode once you're in the crash loop, so offline mode cannot save you at that point. Only leaving the area will work.

    • Apple phones have GPS devices that are active even when the phone is powered off. Take a guess if they sniff wifi while wifi is "off"
    • Exactly how does that work if the wifi is turned off?

      That doesn't matter. The chip iPhone uses combines the wifi/baseband/bluetooth/radio/wifi-assisted-location all-in-one to save on battery.

      And per the 3GPP technical specifications for GSM, the low baseband is never actually turned off (in case of an earthquake warning or a tsunami warning, it's always listening for a polling call for it to wake it up, or to boot up the device). This works even when the mobile cell phone service is turned off, when the wifi is turned off, and it can even work even when the p

  • by Anonymous Coward

    Seriously, the fact that offline mode is not offline is a bigger issue than this exploit.

  • Literally (Score:5, Funny)

    by grasshoppa ( 657393 ) <skennedy@tpno - c o . o rg> on Thursday April 23, 2015 @01:42PM (#49539429) Homepage

    That's a literal "work around".

    Heh.

    I'll get my coat.

  • by Anonymous Coward on Thursday April 23, 2015 @01:42PM (#49539433)

    You're being somewhere wrong

  • So offline mode isn't offline? This sounds like a bigger problem than incorrect handling of a corrupt certificate.
    • I would agree that this is very much the more interesting point, that if you have turned off the antennas, it is still listening. NSA, is this a feature for you?

    • by suutar ( 1860506 ) on Thursday April 23, 2015 @01:58PM (#49539607)

      It's not that a phone that's offline is still vulnerable to wifi; it's that once this attack (which is carefully designed to get this result) hits you can't get enough control to go offline. The summary's got an inaccurate paraphrase, but TFA's phrasing isn't immediately clear. The researcher's blog [skycure.com] has a better description.

      • Indeed, I realized the error upon re-reading the article. If only I could update the summary...
  • Darn it (Score:5, Funny)

    by 93 Escort Wagon ( 326346 ) on Thursday April 23, 2015 @01:47PM (#49539467)

    I thought I was going to get First Post, but then this iPhone kept constantly rebooting.

  • App? (Score:5, Interesting)

    by viperidaenz ( 2515578 ) on Thursday April 23, 2015 @02:25PM (#49539829)

    So my Android device can act as an AP, is there an app for this yet?

    • Almost all wifi radios can act as an AP. It was part of the standard for Ad-hoc networking, which has been gutted in modern implementations. I really hate that all the tech companies decided Ad-hoc was a threat to revenue and don't expose it in the UI.
    • About 80% of my coworkers use iOS devices. I could have a great deal of fun with this...
  • So theaters don't have to build an illegal cell phone jammer. Just put up a WiFi network to nothing, and crash every iPhone in the theater for you.
  • by Anonymous Coward

    Conceptually, it sounds an awful lot like Woz' TV jammer.

  • Carry a Faraday cage with you, put your phone in it, reboot, and once it's rebooted, unlock the phone and turn off the WiFi.

    You'll need to make it big enough to cover your hand and phone and transparent enough to see what you are doing.

    It won't be complete because unless the Faraday cage covers your entire body (including your feet), the malicious WiFi signal could theoretically come through where your arm is. But unless the signal is really strong or bouncing off the wall behind you, you should be able to

  • '...for now, the only workaround is to simply not be in range of such a malicious network.' Really? How about not owning an iOS device?

    • Herp derp. You could take the same approach to literally every security vulnerability ever. Remote exploit in the Linux kernel? Workaround: don’t use Linux! Malicious web pages? Workaround: don’t use the WWW!

  • So, basically an anti-hipster device? I want one.
  • Together with the other exploits for Gatekeeper in OSX that just came out, this goes on to prove a very simple point. iOS and OSX are not fundamentally safer than Android or Windows, they were just protected because the installed user base was not enough to catch hackers' attention on the desktop platform. That is clearly changing.
  • I so have an iPhone but I also have a couple Windows Phones and several Android phones. My favorite is the Note 3, even better now that AT&T finally upgraded it to Lollipop. Gotta have an extra couple phones with you just in case.
