In a blog post titled "No iOS Zone," mobile security research firm Skycure has outlined, in very general terms, an attack on iOS 8 devices that throws them into a cycle of continual restarts. They demonstrated this attack at the RSA security conference in San Francisco, using a special public WiFi network and an invalid SSL certificate. Skycure says it is currently working with Apple on a fix to this issue but in the meantime iPhone and iPad users should hesitate to connect to any public WiFi hot spots until the flaw is fixed.
Skycure claims that the issue is related to another issue where an installed app that relies upon SSL encryption, as most do, is presented with a specific improper certificate that may cause the app to crash. This new issue, however, is a much broader issue as it affects an OS-level service - WiFi connectivity - and not a singular app. According to the following video posted to YouTube, an iPhone will simply reboot over and over again after having connected to a malicious network.
As is being widely reported, it is not difficult to spoof existing widely available hotspots like 'attwifi' or airport public networks, and it's unlikely that the average user will have enough knowledge or forewarning in order to avoid attacks like this, so it is left up to Apple to patch this issue as quickly as possible. This flaw continues a troubled few years for Apple when it comes to security, as their rise in market share leaves them scrambling to stay ahead of hackers.
Source: Skycure via Engadget | Image Broken iPhone via ymgerman / Shutterstock.com
19 Comments - Add comment