Researchers at Skycure have revealed a zero-day security flaw, which when exploited, can allow attackers to repeatedly crash Apple devices running iOS 8. Dubbed No iOS Zone, the vulnerability just requires the device to be within range of a WiFi hotspot, whether connected or not.
The exploit works by manipulating SSL certificates sent to the iOS devices over Wi-Fi, causing apps or possibly the OS itself to crash, making the device unstable and triggering constant reboots. This would effectively render the device useless, something which could wreak havoc at sensitive locations like financial hubs.
While not connecting to random Wi-Fi hotspots seems like a way out, sadly that’s not a full proof solution. Gizmodo explains, “iOS devices are pre-programmed by the carrier to automatically connect to certain networks. For example, AT&T customers will auto-connect to any network called ‘attwifi’. There’s no way to prevent your phone from doing this, short of turning Wi-Fi off altogether.”
As of now, all you can do to avoid the problem is to, ahem, physically run away from the hotspot’s range, says Skycure’s Adi Sharabani, adding that they are working with the Cupertino-based company on a fix. Meanwhile, there haven’t been any reports of the vulnerability being exploited in the wild.
Source | Via 1 | Via 2