Wi-Fi naming problem poses more danger to iPhone than anticipated

IPhone Wi-Fi problem
Written by Emma Davis

Last month, researcher Carl Schou discovered an iPhone Wi-Fi problem, a bug that disrupts wireless connectivity while connecting to a hotspot with a specific name.

The problem was encountered while connecting to an access point named “%p%s%s%s%s%n”. When trying to link to this network, Wi-Fi on the device turned off, and when the expert wanted to turn it on again, nothing happened either after restarting the device or after changing the SSID.

Apparently, the root of this problem lies in an error related to the parsing of the input data. When a string with “%” characters is present in access point names, iOS may misinterpret letters following “%” as format specifiers. In addition, the researcher later noticed that the iPhone responded even worse to the network named “%secretclub% power”.

While the names of Wi-Fi networks are stored in specific files, every time the iPhone tries to connect to a Wi-Fi network, iOS reads those files, crashes, and reboots in a loop. As a result, it turned out that the only way to get rid of this bug was to completely reset the network settings on the device (transparent local files from the problematic network name).

But if earlier this bug could be called simply unpleasant, now it turns out that the problem is much more severe.

Adding ‘%@’ to the name of a wireless network can trigger a denial of service round-robin, which in turn can be exploited as a use-after-free vulnerability for remote code execution.experts of the ZecOps company said.

Since iOS automatically connects users to the nearest Wi-Fi network, experts warn that such a vulnerability could be used for attacks that do not require human interaction. It’s easy enough to create a Wi-Fi network with a malicious name and then wait for nearby users to connect to it when they are close enough.

ZecOps notes that the original bug Shu discovered last month affected all versions of iOS 14.x, while remote code execution, which the researchers named WiFiDemon, was only possible on iPhones and iPads running iOS 14.0 through 14.4. That is, the bug was fixed in January 2021 with the release of iOS 14.4, but Apple did not seek to make this problem public.

Experts once again urge users to install updates promptly. However, they note that older versions of iOS (before iOS 14.x) are not vulnerable to WiFiDemon and denial of service attacks.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending