Security researchers yesterday demonstrated a method of creating a ‘No iOS zone,’ inside of which all carrier iPhones and iPads on iOS 8 are rendered impossible to use, reports Skycure. Most apps that connect to the Internet crash on opening (shown above), and it’s even possible to put iOS devices into a constant boot loop (shown below).

The approach exploits an SSL bug in iOS, causing an app to crash when it attempts to establish a secure connection to a server. Although the exploit requires the iPhone or iPad to connect to a fake WiFi hotspot, the researchers were able to force devices to do so … 

The forced WiFi connection takes advantage of an older exploit known as WifiGate, explained by Gizmodo:

iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, US customers on the AT&T network will auto-connect to any network called ‘attwifi’. There’s no way to prevent your phone from doing this, short of turning Wi-Fi off altogether.

Unlocked iOS devices and WiFi-only iPads obviously aren’t susceptible, but combining the two exploits – using a fake SSID for each carrier, and running the SSL exploit on the wireless routers used – means that almost everyone attempting to use an iOS device within WiFi range of them would find it unusable. Even if you don’t explicitly open an app that connects to the Internet, many background apps will automatically do so.

The researchers have responsibly declined to reveal the exact details of the attack method, and are now working with Apple to develop a fix. A separate SSL bug, this time within open-source networking software used by many apps, was yesterday revealed to leave around 1,500 iOS apps vulnerable to man-in-the-middle attacks – the same day we learned that OS X 10.10.3 failed to fully fix the Rootpipe vulnerability on Macs.

You can see the boot-loop in action below.


About the Author

Ben Lovejoy's favorite gear