iOS 8 vulnerability can be caused by the wifi coverage range of any iPhone iPad constantly restarts-bug warning-the black bar safety net

ID MYHACK58:62201561598
Type myhack58
Reporter 佚名
Modified 2015-04-24T00:00:00


On Tuesday, San Francisco's RSA Security Conference, researchers presented their latest research results-iOS 8 of 0day vulnerabilities“non-iOS”. As the name suggests, to be able to make a WiFi range of Apple iPhones, iPads, iPods devices to constantly restart, the victim caught after can do only is: run far point. ! Domineering exposed:“no iOS area” Mobile security company Skycure researchers Adi Sharabani and Yair Amit on Tuesday, San Francisco's RSA Security Conference to showcase their latest research, the name is also very domineering, called the“non-iOS”. It's a bit like for iOS devices DoS attack, the result is the individual iOS application crash, or a user's entire iPhone crashes. An attacker can create a malicious wifi network, through this network can be very precise to get close to the user's mobile device to crash. In addition, the“no iOS area(No iOS Zone)”attacks can make a wireless network range iOS device constantly reboot, completely unavailable. This attack method is similar to the DoS(denial of services attacks, for the site of DoS attacks such that the user cannot access the site, and this"free iOS zone"attack is also true: Anyone can get a router, build a(malicious)Wifi hotspot, and then forced(in the vicinity of the user)connection(the attacker's)network, then the process flow, thereby leading to(victim Phone)application and theoperating systemcrash"Sharabani at the RSA conference said. Disconnection is also useless That come across such a malicious Wifi? Go away! It sounds very helpless, but the user is currently in the face of such attacks really have no other choice-the iOS users can do only leave the malicious hotspot coverage. Sharabani said: “In addition to the physical away from the attacker you there is no alternative. This is not so you can't use Wifi denial of service(DoS)attack, but you in offline or cannot use the device of denial of service attacks.” Another prevention method is: do not use those of you on the street to find that free Wi-Fi. ! During the attack The attacker has to do is establish a wifi network in order processing is sent to the iOS device's SSL certificate. Once the device connected to the malicious Wi-Fi hotspot, an attacker could launch a malicious script, the script causes the app and phone system crashing.

View information about the wireless attacksPDF document

Sharabani and Amit on the matter to contact Apple, but it remains unclear Apple will not release a patch. Therefore, the researchers decided not to disclose more about the attack of technical details, to ensure that the iOS user Safety.