Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users' Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot.
It’s like Denial of Service (DoS) attack on Apple's iOS devices that results in crashing either individual iOS apps or users' entire iPhones.
NO iOS ZONE
Adi Sharabani and Yair Amit of Mobile security firm Skycure presented their latest research, titled "No iOS Zone", at the RSA security conference in San Francisco on Tuesday.
The duo showed:
It is possible for an attacker to create malicious Wi-Fi networks in order to crash nearby users’ mobile devices with incredible accuracy.
Also, even the "No iOS Zone" attack is capable to make iOS things within the range completely unusable by triggering constant numbers of reboots.
It is nothing but a DoS attack…
...that makes the device inaccessible by its users, just like in the case of websites and servers.
> _"Anyone can take any router and create a [malicious] Wi-Fi hotspot that forces [nearby users] to connect to [attackers] network, and then manipulate the traffic to cause [their mobile] apps and the operating system to crash," _said Sharabani speaking at the RSA Conference.
So, What could be done in order to get rid of attacker's malicious Wi-Fi?
Just Run Away!
Yeah! It sounds really strange, but users have no other choice if they find themselves in this situation.
The only thing that could be done by iOS users is to run away from that malicious hotspot's range.
> "There is nothing you can do about it other than physically running away from the attackers," Sharabani said. "This is not a denial-of-service [attack] where you can't use your Wi-Fi; this is a denial-of-service [attack] so you can't use your device even in offline mode."
Another best measure is to simply avoid the free wireless networks you find in the street providing public Internet access.
Now, Let's learn how it is possible:
All an attacker need to do is create a malicious wireless network that uses the Wi-Fi connection in order to manipulate SSL certificates sent to iOS handsets.
Once the devices are connected to this malicious wireless hotspot, the attacker can launch a malicious crafted script forcing denial-of-service (DoS) which causes the apps as well as the phone to crash.
Here's the Video Demonstration:
The duo has also produced videos showing the DoS attack on iOS devices in action. You can watch the video below. You can also download the PDF related to this wireless attack.
Both Sharabani and Amit have contacted Apple about this issue, but it is yet unclear whether the company has released a complete fix or not.
Due to this reason, the duo has decided to not to provide any additional technical details about the flaws and issues they exploited in their attack; just to make sure iOS users are not exposed to the danger of the exploit caused by this vulnerability.