Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS 1970 Bug Is Back, Can Be Exploited Via Rogue WiFi Networks (softpedia.com)

Posted by msmash on from the weird-bugs-strange-exploits dept.

An anonymous reader writes: Back in February iOS users noted that setting your phone/tablet's date to January 1, 1970 would permanently brick their devices. After Apple fixed the issue in iOS 9.3.1, two security researchers have now uploaded a video on YouTube showing how to exploit this bug from a remote location, with no access to the user's phone. The setup involves attackers putting up a Wi-Fi network on which they're running a rogue NTP server. This server tells iOS devices syncing their time that it's December 31, 1969, 23:59:00. Twenty minutes later, if the battery didn't catch fire (which is possible with this new exploit), the iPad or iPhone device is permanently and irreversibly bricked.

5 of 106 comments (clear)

  1. Apple genuii by Impy+the+Impiuos+Imp · · Score: 4, Insightful

    Fire the engineers who "fixed" this.

    The fix should not just be prevent the user from setting the problematic time, but fixing the issue directly should the time become the bogus time by any means.

    If the battery can catch fire, then you really, really, really need to fix it properly.

    And the testers need a slap, too. One test case should have been setting the time by force to see what happens, and not just testing the time set lockout.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  2. Bad Summary? by blazer1024 · · Score: 5, Insightful

    So the summary (and the headline) seem to imply that this bug affects even devices with iOS 9.3.1, but the article actually states:

    If the device was running an iOS version vulnerable to the 1970 bug, after a minute, the device would reach the problematic crash date.

    ...

    Kelley and Harrigan recommend that users update as soon as possible to iOS 9.3.1.

    This is actually just a remote way to exploit this bug, and not a new bug as the summary suggests.

  3. umm what? by phishybongwaters · · Score: 1, Insightful

    "Twenty minutes later, if the battery didn't catch fire (which is possible with this new exploit), the iPad or iPhone device is permanently and irreversibly bricked." How exactly does changing the system time via NTP cause the battery to catch fire? While I'm fully onboard with hating ios and most things apple does..... I'm not exactly sure how that statement makes any sense. I'm going to tell you right now, changing the date on my windows device and android device does not, in any way, affect battery life or heat. At all. The fact that this is even possible means there's a massive code issue in relation to the battery. Under what mechanism does the date and time have any effect on the battery drain? It simply makes no sense. Than again, the same can be said for the system becoming unresponsive AT ALL due to the fucking date. This is half-assed work at best. I expect a lot of bullshit from apple, but half assed stuff like this is not one of those things.

    1. Re:umm what? by frnic · · Score: 4, Insightful

      Don't let you hate blind you, this is NOT a new exploit, this is the same exploit and is fixed in 9.3.1 and the article even suggests updating to prevent it.

  4. Re:Also Good for Corporate WiFi Networks by Anonymous Coward · · Score: 3, Insightful

    If the IT department setup their network in a way that allows these devices to connect then the problem is the IT department, not the employee.