DoS attack crashes iPhones over WiFi

Advertisement

Apple’s smartphones just are not having a lot of luck when it comes to SSL this week. Yesterday we told you about a problem affecting several hundred iOS apps, whereby it was theoretically possible that an attacker could intercept app data traffic. Well easy fix, right – just don’t use any of those problem apps until they’re updated? Fine for that issue, maybe, but today we learn of a new vulnerability for which there isn’t yet any obvious fix, as researchers reveal a denial of service attack that can crash apps or even iOS itself over a WiFi connection.

The attack relies on a special SSL certificate that a malicious router can employ to crash apps attempting to use SSL over its connection. The obvious answer there seems like it would be “don’t connect to untrusted WiFi APs,” but it’s trivial for an attacker to misrepresent a malicious WiFi AP as one that appears to come from your carrier – and one that your iPhone is configured to automatically negotiate connections with.

What makes this attack so powerful is that it can get your phone stuck in a boot loop, where it doesn’t stay powered-on long enough for you to disable WiFi entirely. So long as the malicious AP’s in range, there’s not much the user can do.

The researchers note that iOS 8.3 may have helped mitigate some of the threats stemming from this attack, but it’s not necessarily a full solution.

Source: Skycure
Via: BGR

Share This Post
Advertisement
What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck

Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen’s first mobile device was a 624 MHz Dell Axim X30, which he’s convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he’s not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits

Read more about Stephen Schenck!