Security flaw opens iOS devices to attack using fake WiFi hotspots | iLounge News

News

Security flaw opens iOS devices to attack using fake WiFi hotspots

Researchers at Skycure have exposed an SSL certificate security flaw allowing them to create a ‘No iOS Zone’ where most apps on iPhones and iPads running iOS 8 will crash while connecting to the Internet, even crashing the devices themselves in some cases. While the exploit is normally triggered by users manually joining these rogue Wi-Fi networks, hackers can also take advantage of the WiFiGate vulnerability to create fake Wi-Fi networks with names that iOS devices on some carriers will automatically join — for example any iPhone on AT&T will join any nearby Wi-Fi network with the name “attwifi” without requiring any user interaction. Once the device is connected, either automatically or manually by the user, apps attempting to make a secure connection with a server will crash. Heavy use of the device while it is exposed to the fake Wi-Fi location can even cause the device’s OS to crash. In some instances that crash led to a repeatable boot cycle, rendering the device useless while within range of the fake Wi-Fi hotspot. Users can avoid the problem by disconnecting from the offending Wi-Fi network and generally avoiding connecting to suspicious free Wi-Fi networks, although in the case of carrier-defined Wi-Fi networks, the user may be required to move out of range of the Wi-Fi network entirely, as many of these carrier settings cannot be overridden. Skycure has reported the problem to Apple and speculates that iOS 8.3 may have fixed some of the underlying issues. [via 9to5Mac]

Comments

Related Stories

Subscribe to iLounge Weekly

Sign up for the iLounge Weekly Newsletter

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond.
iPod, iPhone, iPad, iTunes, Apple TV, Mac, and the Apple logo are trademarks of Apple Inc.
iLounge is © 2001 - 2017 iLounge, Inc. All Rights Reserved. Terms of Use | Privacy Policy