Beware! Connecting to This Wireless Network Can Break Your iPhone’s Wi-Fi Feature

News

A wireless network naming bug has been discovered in Apple’s iOS operating system that effectively disables an iPhone’s ability to connect to a Wi-Fi network.

The issue was spotted by security researcher Carl Schou, who found that the phone’s Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name “%p%s%s%s%s%n” even after rebooting the phone or changing the network’s name (i.e., service set identifier or SSID).

Stack Overflow Teams

The bug could have serious implications in that bad actors could exploit the issue to plant fraudulent Wi-Fi hotspots with the name in question to break the device’s wireless networking features.

The issue stems from a string formatting bug in the manner iOS parses the SSID input, triggering a denial of service in the process, according to Zhi Zhou, a senior security engineer at Ant Financial Light-Year Security Labs in a short analysis published on Saturday.

Prevent Ransomware Attacks

“For the exploitability, it doesn’t echo and the rest of the parameters don’t seem like to be controllable. Thus I don’t think this case is exploitable,” Zhou noted. “After all, to trigger this bug, you need to connect to that WiFi, where the SSID is visible to the victim. A phishing Wi-Fi portal page might as well be more effective.”

While the issue isn’t reproducible on Android devices, iPhones that have been affected by the problem would need to have their iOS network settings reset by going to Settings > General > Reset > Reset Network Settings and confirm the action.

Products You May Like

Articles You May Like

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices
China Roundup: Kai-Fu Lee’s first Europe bet, WeRide buys a truck startup
GM is bringing its upgraded hands-free Super Cruise driving system to six vehicles in 2022
Moving fast and breaking things cost us our privacy and security
ActiveFence comes out of the shadows with $100M in funding and tech that detects online harm, now valued at $500M+

Leave a Reply

Your email address will not be published. Required fields are marked *