Security researchers yesterday demonstrated a method of creating a ‘No iOS zone,’ inside of which all carrier iPhones and iPads on iOS 8 are rendered impossible to use, reports Skycure. Most apps that connect to the Internet crash on opening (shown above), and it’s even possible to put iOS devices into a constant boot loop (shown below).
The approach exploits an SSL bug in iOS, causing an app to crash when it attempts to establish a secure connection to a server. Although the exploit requires the iPhone or iPad to connect to a fake WiFi hotspot, the researchers were able to force devices to do so …
iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, US customers on the AT&T network will auto-connect to any network called ‘attwifi’. There’s no way to prevent your phone from doing this, short of turning Wi-Fi off altogether.
Unlocked iOS devices or Wi-Fi-only iPads obviously aren’t susceptible, but combining the two techniques (using a fake SSID for each carrier, and running the exploit on the wireless routers used) means that almost everyone attempting to use an iOS device within WiFi range of them would find it unusable. Even if you don’t explicitly open an app that connects to the Internet, many background apps will automatically do so.
The researchers have responsibly declined to reveal the exact details of the attack method, and are now working with Apple to develop a fix. A separate SSL bug, this time within open-source networking software used by many apps, was yesterday revealed to leave around 1,500 iOS apps vulnerable to man-in-the-middle attacks – the same day we learned that OS X 10.10.3 failed to fully fix the Rootpipe vulnerability on Macs.
You can see the boot-loop in action below.