Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS WiFi Bug Allows Remote Reboot of All Devices In Area

Posted by timothy on from the wardriving-experiment dept.

New submitter BronsCon writes: A recently disclosed flaw in iOS 8 dubbed "No iOS Zone" allows an attacker to create a WiFi hot spot that will cause iOS devices to become unstable, crash, and reboot, even when in offline mode. Adi Sharabani and Yair Amit of Skycure are working with Apple for a fix; but, for now, the only workaround is to simply not be in range of such a malicious network.

16 of 117 comments (clear)

  1. Got to build one of those by jfdavis668 · · Score: 5, Funny

    So I can get a seat at my local coffee house.

    1. Re:Got to build one of those by Rooked_One · · Score: 4, Insightful

      where do I get access to this wonderful toy???

    2. Re:Got to build one of those by toonces33 · · Score: 5, Funny

      Take it to the airport, or take it on the subway.

      Just for grins, I downloaded all of the sounds that an iPhone makes onto my Android phone. In a quiet room, I can play the 'bing' noise that indicates an incoming message, or the noise that an iPhone makes when the battery is low. And then watch to see what kind of reaction there is from the people who are nearby.

    3. Re:Got to build one of those by Anonymous Coward · · Score: 5, Funny

      My time is worthless as well. Plus I too have incredibly low standards for comedy. We should be friends.

    4. Re:Got to build one of those by Jason+Levine · · Score: 4, Funny

      Not that I would do this, but it might be fun to see someone stick something like this in a backpack and walk past an Apple store.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  2. even when in offline mode by fustakrakich · · Score: 5, Interesting

    Exactly how does that work if the wifi is turned off?

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:even when in offline mode by Anonymous Coward · · Score: 5, Funny

      You're turning WiFi off wrong.

    2. Re:even when in offline mode by Anubis+IV · · Score: 5, Informative

      I was curious as well, so I read through their presentation slides and their press release.

      The gist of the attack is that they've crafted a malicious SSL cert that can cause strange behavior in apps and the OS itself, including the possibility of initiating a crash-reboot-get malicious SSL cert-crash cycle. Once you get stuck in that cycle, there's no way to turn off WiFi, hence why they said that offline mode would not remedy the issue. That said, offline mode can indeed keep you from getting stuck in that cycle to begin with, and the researchers even recommended it as one of the ways to avoid the problem entirely. Alternatively, if it's already too late for you and you're in the crash loop, simply leaving the area will fix the issue for you, since you'll be able to pull down valid SSL certs and reboot as normal.

      Which is to say, the summary has it wrong, since the attack cannot cause you to enter the crash loop while you're in offline mode, but you won't be able to enter offline mode once you're in the crash loop, so offline mode cannot save you at that point. Only leaving the area will work.

  3. Literally by grasshoppa · · Score: 4, Funny

    That's a literal "work around".

    Heh.

    I'll get my coat.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  4. Oblig Steve Jobs paraphrase by Anonymous Coward · · Score: 5, Funny

    You're being somewhere wrong

  5. Re:How is it working in offline mode by BronsCon · · Score: 5, Insightful

    Actually, after giving the article another read-through, I think I got it wrong in the summary. The reboot cycle happens so quickly that, once you've entered it, you don't have the opportunity to turn WiFi off until you've left the range of the rogue AP. The article really isn't clear on that point, but it may well be that, if you have WiFi turned off already, you're safe.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  6. Darn it by 93+Escort+Wagon · · Score: 5, Funny

    I thought I was going to get First Post, but then this iPhone kept constantly rebooting.

    --
    #DeleteChrome
  7. Re:Wait, what? Even in offline mode? by suutar · · Score: 4, Informative

    It's not that a phone that's offline is still vulnerable to wifi; it's that once this attack (which is carefully designed to get this result) hits you can't get enough control to go offline. The summary's got an inaccurate paraphrase, but TFA's phrasing isn't immediately clear. The researcher's blog has a better description.

  8. Re:How is it working in offline mode by Minwee · · Score: 5, Funny

    Actually, after giving the article another read-through, I think I got it wrong in the summary.

    Are you sure you're a Slashdot submitter?

    Oh, I see you're new here. Don't worry, after a while you'll stop caring about having anything correct in the summary at all.

  9. App? by viperidaenz · · Score: 4, Interesting

    So my Android device can act an an AP, is there an app for this yet?

  10. Re:How is it working in offline mode by Carewolf · · Score: 5, Funny

    Actually, after giving the article another read-through, I think I got it wrong in the summary.

    Are you sure you're a Slashdot submitter?

    Oh, I see you're new here. Don't worry, after a while you'll stop caring about having anything correct in the summary at all.

    If you do manage to get the summary right, you can be sure an editor will fix that mistake.