back to article Evil Wi-Fi kills iPhones, iPods in range – 'No iOS Zone' SSL bug revealed

A vulnerability in iOS 8 can be exploited by malicious wireless hotspots to repeatedly crash and reboot nearby Apple iPhones, iPads and iPods, security researchers claim. Skycure bods Adi Sharabani and Yair Amit say the attack, dubbed "No iOS Zone", will render vulnerable iOS things within range unstable – or even entirely …

  1. Robert Helpmann??
    Childcatcher

    MitM

    He also said the attack can be combined with HTTP request hijacking to trick iOS apps into pulling information from an attacker's servers, allowing the miscreant to compromise the software by feeding it bad data.

    Setting up a "No iOS Zone" is annoying, but being able to force victims to connect to controlled network from which a man-in-the-middle attack can be staged seems to be more severe. Different attacks for different goals, I suppose. As far as seeing it in the wild, it was used for a MitM attack, it would not be as noticeable as if the device started rebooting over and over. Time to stop wearing tin foil hats and start wrapping our phones in the stuff.

    1. werdsmith Silver badge

      Re: MitM

      An attack where my phone temporarily can't be used is a minor inconvenience.

      An attack where I connect to a rogue WiFi hotspot MitM and I am none the wiser happily sending and receiving sensitive data which is being recorded is much more of a problem. Unless it's all going to a do-nut shaped building in Cheltenham.

    2. Anonymous Coward
      Anonymous Coward

      Re: MitM

      Time to stop wearing tin foil hats and start wrapping our phones in the stuff.

      Or just turn the phone off, because wrapped in tin foil it'll be useless as a phone anyway.

      With this, and the increasing surveillance done by governments… it's hard to know where this is all going. At this rate we'll be teleported back to the 1980s before the World Wide Web and before mass adoption of mobile phones.

      The Internet: it was nice while it lasted.

    3. Anonymous Coward
      Anonymous Coward

      Re: MitM

      Sounds wonderful. If anyone can turn it into a mobile version that will disable all ithings in range from a Laptop then that would be top banana...

      1. Anonymous Coward
        Anonymous Coward

        Re: MitM

        I want to take this to the nearest Apple store....

  2. Anonymous Coward
    Paris Hilton

    Force connection?

    I may have missed it in the PDF, but how exactly do you force a device to connect a network?

    From the researcher's blog:

    "Users should disconnect from the bad Wi-Fi network or change their location in case they experience continuous crashing or rebooting."

    So once out of range I can remove the network from my list of known networks and I will no longer have the problem...

    "In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network."

    So unless I connect to the network I will not have a problem....

    How are they going to force the connection to be able to exploit the bug?

    Paris, because I'm as confused as she is.

    1. Anonymous Coward
      Anonymous Coward

      Re: Force connection?

      I may have missed it in the PDF, but how exactly do you force a device to connect a network?

      There is a mode in which iThings connect to any network that will allow it in (I suspect it's the same with Android). I specifically killed that off because I don't *want* the device to connect to networks without my knowledge, and it appears that wasn't a bad idea..

      Having said that, it's not difficult to mimic an existing network, and then you may be out of luck. You could have fun going to Starbucks, for instance.

      1. Roland6 Silver badge

        Re: Force connection?

        I may have missed it in the PDF, but how exactly do you force a device to connect a network?

        In the iOS WiFi settings there is an option "Ask to Join Networks". If this is not enabled then the device will attempt to connect to any known network AND available open networks. Enable it and your device will only automatically connect to known networks.

        However, there is one obvious loop-hole namely public hotspot SSIDs, which many users will have listed as known networks, these are obviously easy to find and hence be impersonated. Because the connection is done quietly, a user may be unaware their pocketed device has connected to "Starbucks" as you entered MCDonalds...

        Additionally, there is the unknown as how iOS handles hidden SSID's. I would of hoped in iOS 8 that Apple has effectively disabled support for this pointless mode of operation and hence the device doesn't periodically broadcast known SSID's in a vain attempt to find a network. As this broadcasting of SSID's enables the use of tools that simply takes the SSID a device is looking for and create an instant access point for that network!

        1. CanadianMacFan

          Re: Force connection?

          If you have "Ask to Join Networks" turned off then it will automatically join known networks, those it has joined before. Otherwise you will have to manually select a network. That's right from the settings page.

      2. Packet

        Re: Force connection?

        I believe you're incorrect.

        Once you have "ask to join networks" disabled, it will not automatically search for new networks (and accordingly, there will be no popup asking you to choose a newly found network)

        If you have connected to a network in the past, it will connect to that automatically.

        From the apple manual:

        Ask to join networks: Turn on Ask to Join Networks to be prompted when a Wi-Fi network

        is available. Otherwise, you must manually join a network when a previously used network

        isn’t available

    2. Morloch

      Re: Force connection?

      How to force a connection.....

      Try googling WiFi Pineapple.

      Put simply, if you have ever connected to an unsecured WiFi hotspot and not deleted it from your device afterwards, then this puppy will spoof the SSID.

      Combine it with plugins available and all those automatic attempts to login to Facebook, Twitter, etc will be simply handing out your account details...

      1. Anonymous Coward
        Anonymous Coward

        Re: Force connection?

        Combine it with plugins available and all those automatic attempts to login to Facebook, Twitter, etc will be simply handing out your account details...

        Not so fast - that would require a correct SSL site cert because all of these now use https links. Not that most users won't just OK the cert error, but it's not *that* easy.

        1. Alun Jones 1

          Re: Force connection?

          For "most", the paper says "92%" of users will click to continue through an SSL certificate error warning.

        2. Anonymous Coward
          Anonymous Coward

          Re: Force connection?

          According to the blurb... 90+% do simply click OK...

      2. Anonymous Coward
        Anonymous Coward

        Re: Force connection?

        So "Force" means, under specific device configurations, where the user has connected to specifically named networks in the past and not removed them then their device will attempt to connect. Ok, now I understand.

  3. Anonymous Coward
    Anonymous Coward

    Quality

    Where can I get a hold of the source code? :)

    1. Anonymous Coward
      Anonymous Coward

      Re: Quality

      You know, our management hates spending anything. But given how much the younger generation sit playing with their phones in work hours (despite getting a disciplinary when caught) I think they'd pay for one of these to sit in the office...

  4. Michael Habel

    Slap me silly...

    But, wouldn't the Secret here be to bang the Rocks together, to turn on Airplane Mode, and vise-verse turn the Radio's off?!

    1. Velv
      Black Helicopters

      Re: Slap me silly...

      Well, duh!

      Which assumes you can get to Airplane mode quickly enough after it crashes and before it crashes again.

      Unless you permanently live in airplane mode, which kinda defeats the point of a phone or smart CONNECTED device.

      I hope everyone is aware that Apple have hard coded wifi networks that their devices will automatically connect to when in range, for example when in an Apple Store, and this has also been expanded to Bluetooth to further refine your store journey. (Look up iBeacon if you don't believe me)

      1. A Non e-mouse Silver badge
        FAIL

        Re: Slap me silly...

        I hope everyone is aware that Apple have hard coded wifi networks that their devices will automatically connect to when in range, for example when in an Apple Store

        I was in my local Apple store the other day and I had to manually select and connect to the Apple Store WiFi. It wasn't hard coded in to my iPhone at all.

      2. Anonymous Coward
        Anonymous Coward

        Re: Slap me silly...

        "Which assumes you can get to Airplane mode quickly enough after it crashes and before it crashes again."

        Can't you just hold it wrong to block the signal whilst you fiddle with the settings?

        1. Anonymous Coward
          Anonymous Coward

          Re: Slap me silly...

          Can't you just hold it wrong to block the signal whilst you fiddle with the settings?

          Ninja-level use of Apple! Rips through the fabric of the reality-distortion field itself with enhanced chi power!

  5. Juan Inamillion

    "...a Wi-Fi hotspot that forces you to connect to their network..."

    That'll be the super annoying BT-Openzone then that seems to take over your bloody phone whenever you're out and about...

    1. 080

      Or even worse, when you are at home.

    2. Anonymous Coward
      Anonymous Coward

      That'll be the super annoying BT-Openzone then that seems to take over your bloody phone whenever you're out and about...

      Yes, I had to explicitly select "forget this network" - once you make the mistake of using it, it remembers it :(

  6. Slx

    I can see public Wi-Fi nodes becoming a major problem in the coming years...

    Same with public USB chargers.

    Thankfully ubiquitous, fast, unlimited 4G will probably ultimately render them as obsolete as payphone and fax machines in the future.

    I already find a lot of public Wi-Fi that I've been forced to use tends to be slow, insanely over priced for what it is and exploiting a captive audience (certain hotels etc) full of annoying restrictions (blocked ports, ads or pop up ads being served etc.

    Quite a lot of them also still seem to be using bog-standard ADSL2+ or something similar as you often get horrendously bad speeds, even though FTTC, Cable and even FTTH in some places are pretty widespread in urban and even small town areas. My 4G phone tethering is often a vastly superior solution.

    1. John Miles

      Re: My 4G phone tethering is often a vastly superior solution.

      I can see StingRay type attacks being a problem as well

    2. Anonymous Coward
      Anonymous Coward

      "Thankfully ubiquitous, fast, unlimited 4G will probably ......."

      ...resolve this problem in some parallel universe where ubiquitous, fast, unlimited 4G stands some chance of becoming a reality.

      In fact maybe that's what dark matter is: Simply a parallel universe scattered within our own, where they have this miraculous 4G of which you speak. Along with toasters that deliver evenly browned, unburned toast, self-loading dishwashers, self-wiping bottoms, and a host of other technical marvels.

      1. asdf

        hahaha good one

        >Thankfully ubiquitous, fast, unlimited 4G

        As poster above says good luck with that especially for us here in the States forced to use Verizon. Most of the telecos here are actually starting to push for 5G with limits so you can can hit your monthly data limit in 14 secs by accident and they get gravy overage charges.

    3. Colin Wilson 2

      Even worse - there's a 'free' wifi at Gatwick Airport that forces you to download a weird e-book reader app before you can use the wifi. Heaven alone knows what it tries to do - I didn't dare run it to find out.

      1. Destroy All Monsters Silver badge
        Trollface

        Heaven alone knows what it tries to do

        It's probably just an iGideon Bible, don't be so neurotic.

  7. Matt Bryant Silver badge
    Devil

    Blocking annoying Apple users trying to hog your Wifi for iTunes?

    There's an app for that!

    (Well, that's if you don't already block them by MAC address range already.)

  8. MyffyW Silver badge

    Limited smugness

    The only iThing I own is so old it's not affected.

    But I'm going to miss YouTube when Google pulls the plug.

  9. Captain Queeg

    No news here really...

    From the looks of it these guys have simply discovered BT Openzone! ;-)

  10. Henry Wertz 1 Gold badge

    "Thankfully ubiquitous, fast, unlimited 4G will probably ultimately render them as obsolete as payphone and fax machines in the future."

    Hah! While 4G has GREATLY decreased the cost per GB of providing service, the providers in the US have gone full-greed and actually INCREASED per-GB charges over the past 5 or 10 years. Unbelievable but true.

  11. chris 17 Silver badge

    “There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.”

    Does that make sense to anyone? Are they suggesting it'll mess with your device even if WiFi is off as in airplane mode but you are still in range?

    if so that surely makes a mockery of airplane mode where your device is still talking via radio?

  12. Anonymous Coward
    Anonymous Coward

    Apple is buggy.

    Wonder if they'll fix it in iOS 8.5 ?

    [to be released the week after everyone installs iOS 8.4]

  13. Malcolm Weir Silver badge

    @Henry Wertz 1: Mostly true... but T-Mobile has NOT increased it's per GB charges. Probably doesn't count as a mobile phone company, though, because it does stupid things like provide no-cost international data roaming.

  14. Paul Hovnanian Silver badge

    Not seen in the wild?

    Perhaps it has. Multiple iOS devices going dark simultaneously. Scarier yet, where this is happening.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like