Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS 1970 Bug Is Back, Can Be Exploited Via Rogue WiFi Networks (softpedia.com)

Posted by msmash on from the weird-bugs-strange-exploits dept.

An anonymous reader writes: Back in February iOS users noted that setting your phone/tablet's date to January 1, 1970 would permanently brick their devices. After Apple fixed the issue in iOS 9.3.1, two security researchers have now uploaded a video on YouTube showing how to exploit this bug from a remote location, with no access to the user's phone. The setup involves attackers putting up a Wi-Fi network on which they're running a rogue NTP server. This server tells iOS devices syncing their time that it's December 31, 1969, 23:59:00. Twenty minutes later, if the battery didn't catch fire (which is possible with this new exploit), the iPad or iPhone device is permanently and irreversibly bricked.

14 of 106 comments (clear)

  1. Also Good for Corporate WiFi Networks by xxxJonBoyxxx · · Score: 4, Funny

    Forget "rouge" WiFi networks - now IT can finally strike back at BYOD users who insisted on connecting their iPhones into an internal corporate network. :)

    1. Re:Also Good for Corporate WiFi Networks by Anonymous Coward · · Score: 3, Insightful

      If the IT department setup their network in a way that allows these devices to connect then the problem is the IT department, not the employee.

    2. Re:Also Good for Corporate WiFi Networks by magarity · · Score: 2

      Forget "rouge" WiFi networks

      And then there's the eyeliner networks and the foundation networks to worry about.

  2. Apple genuii by Impy+the+Impiuos+Imp · · Score: 4, Insightful

    Fire the engineers who "fixed" this.

    The fix should not just be prevent the user from setting the problematic time, but fixing the issue directly should the time become the bogus time by any means.

    If the battery can catch fire, then you really, really, really need to fix it properly.

    And the testers need a slap, too. One test case should have been setting the time by force to see what happens, and not just testing the time set lockout.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    1. Re:Apple genuii by pushing-robot · · Score: 5, Informative

      No, fire the summary writer.

      The bug was fixed, this is just a practical way of exploiting devices running the affected versions.

      Also, there have been no battery fires, but aluminum feels pretty hot when it gets to 50C and people assumed their phones must be OMG about to CATCH FIRE!!11!!eleven

      --
      How can I believe you when you tell me what I don't want to hear?
    2. Re:Apple genuii by tlhIngan · · Score: 3, Informative

      This is true. Also WHY is the ipad following NTP if the slew rate is greater than 500ppm? The NTP RFC's clearly states that this is the maximum you should adjust the clock via the protocol(s).

      NTP has two modes.

      First is to keep clocks in sync, so if you have a network of devices, the clocks can tick pretty much together. This is what you use NTPd for - to keep clocks on a network in sync.

      The other use is to set the clock, which uses the same protocol, except we call it "daytime protocol" because they do an NTP query to get the current date/time to set it. In Linux, you use "ntpdate" to set the clock initially since NTPd will refuse to run if the system clock and server clock are too far apart. So you use ntpdate to get the clock close enough.

      Most devices when you set "Automatically set date/time" use daytime to set the clocks. It's only stuff like the Apple watch (which is used to keep time) that generally wants to keep time in sync.

  3. Re: It's sad those republicans... by xxxJonBoyxxx · · Score: 2

    >> They want mandatory prison terms for programmers that fix software bugs.

    I'll have to look into that. Maybe I'll finally get some peace and quiet - it can't be worse than an "open concept" office. :)

  4. Bad Summary? by blazer1024 · · Score: 5, Insightful

    So the summary (and the headline) seem to imply that this bug affects even devices with iOS 9.3.1, but the article actually states:

    If the device was running an iOS version vulnerable to the 1970 bug, after a minute, the device would reach the problematic crash date.

    ...

    Kelley and Harrigan recommend that users update as soon as possible to iOS 9.3.1.

    This is actually just a remote way to exploit this bug, and not a new bug as the summary suggests.

    1. Re:Bad Summary? by cant_get_a_good_nick · · Score: 2

      That's a horrible clickbait summary.

      Hey your phone will catch fire! We'll throw some mumbo jumbo about NTP to scare you. Please come click on this story, and oh by the way disable your adblocker...

  5. It was fixed... by pushing-robot · · Score: 5, Informative

    If it wasn't clear, the bug was fixed in 9.3.1 - this only affects devices that haven't been updated.

    Also, I think the highest temperature recorded was 54C... not something you'd want to touch, but not likely to catch fire either.

    Finallly, if it's like the previous exploit, the device isn't completely bricked... when the battery goes dead or is disconnected the device can be reset.

    --
    How can I believe you when you tell me what I don't want to hear?
  6. Re:umm what? by frnic · · Score: 4, Insightful

    Don't let you hate blind you, this is NOT a new exploit, this is the same exploit and is fixed in 9.3.1 and the article even suggests updating to prevent it.

  7. Re:So if the battery does catch fire... by Qzukk · · Score: 2

    No, it's permanently and irreversibly burned.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  8. Re:LOL at the sound track for the exploit video by ArmoredDragon · · Score: 2

    A simple bug in Apple's software is much different than a trojanized payload.

  9. Re:So if the battery does catch fire... by pushing-robot · · Score: 2

    No, at that point it's briquette.

    --
    How can I believe you when you tell me what I don't want to hear?