Security researchers have discovered a flaw in iOS 8 that makes it possible to render any iPhone, iPad, or iPod touch unusable when it's within Wi-Fi range.
Adi Sharabani and Yair Amit unveiled the zero-day vulnerability at RSA 2015. The attack, dubbed 'No iOS Zone', renders iOS devices unstable or even completely unusable by triggering constant reboots.
“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Sharabani told the RSA security conference. “There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.”
The attack works by manipulating the SSL certificates sent to iOS over Wi-Fi but the full technical details won't be revealed until Apple has fixed it.
"As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability."
Notably, the attack can also be combined with HTTP request hijacking to feed the device information from the hacker's servers.
Check out the video below or hit the link for more details...
[via The Register]
Adi Sharabani and Yair Amit unveiled the zero-day vulnerability at RSA 2015. The attack, dubbed 'No iOS Zone', renders iOS devices unstable or even completely unusable by triggering constant reboots.
“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Sharabani told the RSA security conference. “There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.”
The attack works by manipulating the SSL certificates sent to iOS over Wi-Fi but the full technical details won't be revealed until Apple has fixed it.
"As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability."
Notably, the attack can also be combined with HTTP request hijacking to feed the device information from the hacker's servers.
Check out the video below or hit the link for more details...
[via The Register]