Israel-based mobile security company Skycure discovered an iOS vulnerability which could enable hackers to crash nearby devices and to put them in an unusable state.
In order to perform the hack one would need to set up a router with a specific configuration. Apps on iOS devices which connect to it will crash with only a few exceptions.
“Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will.” writes Yair Amit, CTO & co-founder at Skycure in a blog post. “With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide.”
While an organised denial of service (DoS) attack using the bug could lead to big losses Skycure unveiled even further threats for Apple smartphones. According to the israeli company the SSL certificate parsing vulnerability affects also the underlying operating system. With heavy use of connected iOS devices the system crashes as well and, under certain conditions, the devices were rendered useless as they were put into a repeatable reboot cycle.
While many users might not get worried as you can switch of WiFi or disconnect from the network (when you are not already caught in the reboot cycle) Skycure pictured another scenario. In 2013 the company discovered a vulnerability which they called WiFiGate – in combination with the now unveiled possible DoS attack this could mean serious security issues for iOS devices.
“In a nutshell, the impact was that an attacker could create their own network, and force external devices to automatically connect to it.” writes Yair Amit about WiFiGate. “Combining techniques such as WiFiGate or Karma attacks with this new discovery can allow an attacker to form a “No iOS Zone”. Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it.”
Skycure has not revealed any technical details on how to perform the hack as the security gap is reportedly not fixed yet. Apple and Skycure are working together to resolve the issue as soon as possible. Users can download the latest iOS version, 8.3, which eliminates some of the mentioned problems but are still advised not to connected to unknown networks until the matter is completely solved.
The latest software update to iOS 8.3 eliminates some issues discovered by Skycure