Researchers from the security firm Skycure have found a new flaw in the IOS system that effectively allows you to put any iOS 8 device in range into a never-ending boot cycle. The flaw was demonstrated at the RSA security conference in San Francisco, but the good news is that the company didn’t disclose all the details on how to perform the hack and they are working with Apple to fix the issue.
The vulnerability takes advantage of a bug in the SSL system and the researchers showed how they could make iOS devices crash as soon as they connected to a ‘bad’ hotspot. This wouldn’t be so bad as you could choose not to connect to unknown wireless networks and hotspots, that is if it wasn’t for another security issue.
The researchers combined the SSL flaw with an older exploit dubbed WiFiGate. iOS devices are pre-programmed by the carrier to automatically connect to certain networks and there isn’t a thing that you can do about it, except maybe turn your WiFi completely off. For example, AT&T customers will automatic connect to any network called attwifi and there is no way to prevent this.
Using those two flaws in a combination and the researcher could put any iOS device that entered the range of their manipulated hotspot into an endless boot cycle. The only way to stop it and get access back to your phone is to get out of the range of the hotspot. This might just be an annoyance if deployed at a university campus or school, but if such a thing is let lose in a financial district, then it could create some serious havoc.
Thank you Gizmodo for providing us with this information