WiFi Network Exploit Can Brick iDevices
Not too long ago, there was a bug in iOS where an iDevice would become non-functional (aka “bricked”) if the date was set to 1/1/1970. That was fixed in the latest update to iOS. But Brian Krebs, via his Krebs on Security blog, has found that there is a remote exploit that can brick iDevices over WiFi. The problem is a weakness in how Apple’s iDevices continuously check Network Time Protocol servers. Simply put, it’s due to the way your iPhone automatically reconnects to a Wi-Fi network that you have previously connected to manually:
For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.
From an attacker’s perspective, this is a golden opportunity. Why? He only needs to advertise a fake open network called “attwifi” at a spot where large numbers of computer users are known to congregate. Using specialized hardware to amplify his Wi-Fi signal, he can force many users to connect to his (evil) “attwifi” hotspot. From there, he can attempt to inspect, modify or redirect any network traffic for any iPads or other devices that unwittingly connect to his evil network.
Krebs says that all an attacker would have to do once an iDevice was connected to such an access point is to issue a fake network time protocol update, which would brick the device. Your best defense against this is to upgrade to iOS 9.3.1. You may also wish to be more selective about which WiFi networks you connect to.
This entry was posted on April 13, 2016 at 1:58 pm and is filed under Commentary with tags Apple.