• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Bug With iOS' SSL Certification Gives Hackers DoS Attack Abilities Against iOS Devices


    A new attack on iOS devices is available in the wild now, as first spotted by Skycure. The attack is categorized as a DoS (Denial of Service) attack and targets iOS devices specifically by taking advantage of carrier networks, which are available all over the place in public. One example would be the random AT&T hotspots named "attwifi" that AT&T iPhone & iPad customers will automatically become connected to when in range of them while out in public.

    Customers of carriers automatically connecting to these networks are typically given these free Wi-Fi access points to help save data, but the new DoS attack, which takes advantage of this feature that is programmed into iOS, can force the device to connect to a phony Wi-Fi network that claims to be an carrier's wireless hotspot.

    In turn, the Wi-Fi network can render the iOS device completely useless using an SSL certification glitch. This will force every application on the device to crash upon attempting to open the application. You can watch a video demonstration of an iOS device being connected to one of these phony DoS hotspots below:



    Another video from Skycure shows devices going into boot loops because they are overwhelmed by crashing due to the exploit.

    Interestingly, because iPhones and iPads with cellular capabilities are pre-programmed to connect to the respective carrier hotspots around town, the user has no way to deny connecting to these networks without completely disabling their Wi-Fi connection, which means that users are susceptible to this bug until Apple does something about it.

    SkyCure calls this threat the "No iOS Zone" attack.

    Sources: Skycure
    This article was originally published in forum thread: Bug With iOS' SSL Certification Gives Hackers DoS Attack Abilities Against iOS Devices started by Anthony Bouchard View original post
    Comments 14 Comments
    1. Oddlane's Avatar
      Oddlane -
      So what happens after you disconnect from the phony hotspot?
    1. Anthony Bouchard's Avatar
      Anthony Bouchard -
      Quote Originally Posted by Oddlane View Post
      So what happens after you disconnect from the phony hotspot?
      If you're not in a boot loop by then, should be good I assume. That's not something they highlight in their post.
    1. docmagoo2's Avatar
      docmagoo2 -
      Can't you just turn wifi off to ensure they don't connect?
    1. kelkel5313's Avatar
      kelkel5313 -
      Even the wifi is on, you can disable the abilities to auto connect to network.
    1. ArChAiC69's Avatar
      ArChAiC69 -
      Personally, I'm not too worried about this since I have unlimited data and never connect to wifi
    1. javiert30's Avatar
      javiert30 -
      Quote Originally Posted by ArChAiC69 View Post
      Personally, I'm not too worried about this since I have unlimited data and never connect to wifi
      I don't buy that one, I have unlimited data too and I still using Wifi sometimes, Did you know AT&T have weak signals sometimes depending of your location?
    1. ArChAiC69's Avatar
      ArChAiC69 -
      Quote Originally Posted by javiert30 View Post
      I don't buy that one, I have unlimited data too and I still using Wifi sometimes, Did you know AT&T have weak signals sometimes depending of your location?
      AT&T isn't my carrier tho.
    1. javiert30's Avatar
      javiert30 -
      Quote Originally Posted by ArChAiC69 View Post
      AT&T isn't my carrier tho.
      All of them lose signal somewhere
    1. vinaygoel2000's Avatar
      vinaygoel2000 -
      Quote Originally Posted by javiert30 View Post
      All of them lose signal somewhere
      Any carrier's LTE data is faster and less spotty than a free public wifi. Except Google Fiber at Starbucks.
    1. gdd2010's Avatar
      gdd2010 -
      Hence why I never leave my wifi on while away from home or familiar locations. Same as not going to sites I'm not familiar with.
    1. SpiderManAPV's Avatar
      SpiderManAPV -
      I wonder if this effects users with VPN.
    1. psxcancer's Avatar
      psxcancer -
      Sweet, I guess that's why they give you that option in your WiFi settings, "Ask to join" networks. Having that on, wont join you automatically.
    1. szr's Avatar
      szr -
      Quote Originally Posted by psxcancer View Post
      Sweet, I guess that's why they give you that option in your WiFi settings, "Ask to join" networks. Having that on, wont join you automatically.
      It normally prevents the joining of random unknown networks, but networks your device knows already (such as one's home network) will still connect to automatically when within sufficient range. The problem here is some people's devices have connected to their carrier's network at their stores or so (such as the well known "attwifi" network mentioned in the opening post) previous and so they remember that network. That's what these attackers are taking advantage of, by pretending to be AT&T's or any other carrier's free/open wifi network to fool a given device as well as it's owner.
    1. Perceptum's Avatar
      Perceptum -
      Quote Originally Posted by vinaygoel2000 View Post
      Any carrier's LTE data is faster and less spotty than a free public wifi. Except Google Fiber at Starbucks.
      Not true. We offer our patrons and guests free WiFi at 100Mbps and we are going to up that to 250Mbps before the end of the year. That blows away the 10Mbps that LTE gets around here.