iOS WiFi Bug Allows Remote Reboot of All Devices In Area

New submitter BronsCon writes: A recently disclosed flaw in iOS 8 dubbed "No iOS Zone" allows an attacker to create a WiFi hot spot that will cause iOS devices to become unstable, crash, and reboot, even when in offline mode. Adi Sharabani and Yair Amit of Skycure are working with Apple for a fix; but, for now, the only workaround is to simply not be in range of such a malicious network.

Re:even when in offline mode

[Anubis+IV]

I was curious as well, so I read through their presentation slides and their press release.

The gist of the attack is that they've crafted a malicious SSL cert that can cause strange behavior in apps and the OS itself, including the possibility of initiating a crash-reboot-get malicious SSL cert-crash cycle. Once you get stuck in that cycle, there's no way to turn off WiFi, hence why they said that offline mode would not remedy the issue. That said, offline mode can indeed keep you from getting stuck in that cycle to begin with, and the researchers even recommended it as one of the ways to avoid the problem entirely. Alternatively, if it's already too late for you and you're in the crash loop, simply leaving the area will fix the issue for you, since you'll be able to pull down valid SSL certs and reboot as normal.

Which is to say, the summary has it wrong, since the attack cannot cause you to enter the crash loop while you're in offline mode, but you won't be able to enter offline mode once you're in the crash loop, so offline mode cannot save you at that point. Only leaving the area will work.