SSL Certificate Flaw Affects iOS Devices, Causes Endless Reboots
Even if you're an extra careful iOS device user and actively avoid open Wi-Fi networks, it doesn’t automatically make you safe from attacks over a network. Not even "secure" Wi-Fi guarantees security as you could be connecting to a rogue access point with the same AP name and password as the real network. Moreover, attackers could be on the very same "safe" network as you are, use the same access points, and conduct man-the-middle (MITM) attacks.
Recently, an iOS bug that sends iPhones, as well as iPads into endless crash cycles was discovered. The vulnerability allows nearby attackers to send apps, and in some cases, cause the iOS devices they run on into an infinite reboot cycle that renders the device temporarily useless. According to the researchers who found the bug, the exploit uses a standard Wi-Fi network that generates a specific secure-socket-layer (SSL) certificate to exploit the bug. Apps running on iOS devices including iPhones, iPads, and iPods can eventually cause the devices to crash and reboot. Even if the user becomes aware that the crashes are triggered by the Wi-Fi network they’re connected to, it isn’t possible to disconnect as the repeated reboots won’t allow the user to access anything on their device, let alone their settings.
This exploit, paired with an older threat called WiFiGate that forces iPhones to connect to rogue Wi-Fi networks automatically, can allow attackers to form a “No iOS Zone”. Essentially, this can lure iOS devices to connect to rogue Wi-Fi networks and cripple their devices using the SSL certificate flaw.
How can users stay safe?
Since the exploit has yet to be fixed, it is recommended for users to upgrade to the latest version of iOS and stay updated on the latest developments. We encourage users to disconnect from bad Wi-Fi networks, and leave the current location in case of continuous crashes.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases