Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users' Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot.
It is effectively a Denial of Service (DoS) attack on Apple's iOS devices that crashes either individual iOS apps or users' entire iPhones.
NO iOS ZONE
Adi Sharabani and Yair Amit of mobile security firm Skycure presented their latest research, titled "No iOS Zone", at the RSA security conference in San Francisco on Tuesday.
The duo showed:
It is possible for an attacker to create malicious Wi-Fi networks in order to crash nearby users' mobile devices with incredible accuracy.
The "No iOS Zone" attack can also make iOS devices within range completely unusable by triggering constant reboots.
It is nothing but a DoS attack that makes the device inaccessible to its users, just as in the case of websites and servers.
"Anyone can take any router and create a [malicious] Wi-Fi hotspot that forces [nearby users] to connect to [attackers] network, and then manipulate the traffic to cause [their mobile] apps and the operating system to crash," said Sharabani speaking at the RSA Conference.
So, what can be done to get away from an attacker's malicious Wi-Fi?
Just Run Away!
Yeah! It sounds really strange, but users have no other choice if they find themselves in this situation.
The only thing that could be done by iOS users is to run away from that malicious hotspot's range.
"There is nothing you can do about it other than physically running away from the attackers," Sharabani said. "This is not a denial-of-service [attack] where you can't use your Wi-Fi; this is a denial-of-service [attack] so you can't use your device even in offline mode."
Another good measure is simply to avoid the free wireless networks you find in the street providing public Internet access.
Now, let's learn how it is possible:
All an attacker needs to do is create a malicious wireless network that uses the Wi-Fi connection to manipulate SSL certificates sent to iOS handsets.
Once the devices are connected to this malicious wireless hotspot, the attacker can launch a maliciously crafted script forcing a denial of service (DoS), which causes the apps as well as the phone to crash.
Here's the Video Demonstration:
The duo has also produced videos showing the DoS attack on iOS devices in action. You can watch the video below. You can also download the PDF related to this wireless attack.
Both Sharabani and Amit have contacted Apple about this issue, but it is as yet unclear whether the company has released a complete fix.
For this reason, the duo has decided not to provide any additional technical details about the flaws and issues they exploited in their attack, to make sure iOS users are not exposed to the danger of exploits for this vulnerability.