Researchers at Skycure have exposed an SSL certificate security flaw allowing them to create a ‘No iOS Zone’ where most apps on iPhones and iPads running iOS 8 will crash while connecting to the Internet, even crashing the devices themselves in some cases. While the exploit is normally triggered by users manually joining these rogue Wi-Fi networks, hackers can also take advantage of the WiFiGate vulnerability to create fake Wi-Fi networks with names that iOS devices on some carriers will automatically join — for example any iPhone on AT&T will join any nearby Wi-Fi network with the name “attwifi” without requiring any user interaction.
Once the device is connected, either automatically or manually by the user, apps attempting to make a secure connection with a server will crash. Heavy use of the device while it is exposed to the fake Wi-Fi location can even cause the device’s OS to crash.
In some instances that crash led to a repeatable boot cycle, rendering the device useless while within range of the fake Wi-Fi hotspot. Users can avoid the problem by disconnecting from the offending Wi-Fi network and generally avoiding connecting to suspicious free Wi-Fi networks, although in the case of carrier-defined Wi-Fi networks, the user may be required to move out of range of the Wi-Fi network entirely, as many of these carrier settings cannot be overridden.