Wi-Fi Attack Breaks iPhones By Locking Them Into an Endless Loop

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active
 

iPhone© Max Eddy

Researchers from Skycure demonstrated a novel attack at the RSA 2015 conference that affects iPhones and other iOS devices. The attack, which takes advantage of new and previously announced vulnerabilities, locks iPhones into a never-ending reboot cycle effectively rendering them useless.

Developing a Denial of Service Attack

Skycure CEO Adi Sharabani explained that this attack began when Skycure researchers bought a new router and were messing around with its network settings. In doing so, they discovered a particular configuration that caused apps in iPhones connected to that router to crash whenever they launched.

"To us, these things are amazing," said Sharabani. "These bugs can always result in vulnerabilities."

Sharabani explained that an issue in how iOS devices handle SSL certificates caused the apps to crash. Were an attacker to create a Wi-Fi network with a particular configuration and victims joined it, apps on the victims' phones would crash when they reached out to the Web through SSL. Of course, the average user would probably switch off their Wi-Fi and use their cellular data connection, thus ending the attack. "It's really annoying, but it's not devastating," said Sharabani.

Devastating Development

To make it a little more devastating, Sharabani and his team combined this new vulnerability with one previously disclosed by Skycure and dubbed Wi-Fi Gate. That vulnerability took advantage of default settings in iOS devices from wireless companies. In the company's previous research, Skycure discovered that an attacker could create a rogue Wi-Fi network that appeared identical to one of the pre-set options and force phones to connect without victims realizing.

But Skycure went beyond merely crashing individual apps, and found the means to lock victims' iPhones into a never-ending crash and reboot cycle.

 

 

 "There are many different processes in the operating system that interact with SSL, not just the apps themselves," explained Sharabani. "By doing this manipulation on requests coming off the operating system, we were able to crash different processes from the OS, causing the device to crash." When the device rebooted, it would automatically connect to the last Wi-Fi network it was connected to, crash again, reboot, and so on.

"You don't even have time to even just go to the settings and switch off the Wi-Fi," said Sharabani. "There's no way to mitigate it other than running away from the attacker."

Attack Limitations

While Skycure's attack renders a phone inoperable, there are other devices already on the market that can mess with your phone. Portable cell towers, called Femtocells, can intercept cellular communications and other devices can simply jam cellular radios. However, Sharabani stressed that Skycure's attack renders all aspects of a victim's phone inoperable, not just the ability to communicate. Victims could not, for example, take photos or video of whatever was happening around them at the time.