Security researchers have discovered a vulnerability in Apple’s iPhone and iPad operating system that could let a hacker continuously crash either device as many times as they want.
Discovered by researchers at mobile security firm Skycure, the vulnerability is activated when you connect to an unknown open Wi-Fi hotspot (something you should never do in the first place), which the the hacker can then use to take control of several functions on your device.
Once you’re on the network, a hacker sends your iOS device an SSL certificate, which allows a device to talk with an app or website securely. Think of an SSL as something that lets your phone communicate with an app’s servers without anyone listening in.
In this instance, though, the SSL is purposely flawed, letting the hacker use their exploit to force any app using SSL to crash for no apparent reason.
The researchers at Skycure soon realized that they could crash not only apps, but also entire iPhones or iPads, causing the devices to enter a seemingly endless restart cycle that prevents you from either device at all.
The researchers said they were also able to combine the SSL certificate vulnerability with another hack that forces iOS users to automatically connect to specific Wi-FI networks.
In this instance, a hacker could force your iPhone to connect to their network and then start using the SSL certificate vulnerability to keep shutting down and restarting your iPhone.
The Skycure researchers refer to this practice as creating a “no iOS zone,” since any iOS device within range could be impacted. The only way to stop the cycle would be to leave the malicious network’s Wi-Fi range.
Skycure says the easiest way to avoid this issue is to stay away from unknown Wi-Fi networks and make sure you’re always running the latest iOS updates. Though they said they’ve reached out to Apple to let them know about the issue, Skycure says they still haven’t received a response.
This isn’t the first vulnerability discovered in Apple’s iOS, which execs have often boasted is far more secure than competitor Android. In the past, the software has been found to other security issues, though Apple is always quick to address them.
In this case, Apple will likely fix the vulnerability and move on.
Seriously though, the best thing you can do is stay away from connecting to any free Wi-Fi networks you aren’t familiar with. In addition to opening you up to a silly vulnerability like this, free, open Wi-Fi connections can also let hackers see much of what you’re doing on your iOS device.
Just stick to the networks you know and trust.
No comments:
Post a Comment