SCF Advanced Search


Members
  • Total Members: 13113
  • Latest: CROYA86
Stats
  • Total Posts: 32053
  • Total Topics: 9704
  • Online Today: 1448
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)











Author Topic: Malicious Wi-Fi could crash and reboot nearby Apple iPhones, iPods & iPads!  (Read 1405 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7444
  • KARMA: 312
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


RSA 2015 A vulnerability in iOS 8 can be exploited by malicious wireless hotspots to repeatedly crash and reboot nearby Apple iPhones, iPads and iPods, security researchers claim.

Skycure bods Adi Sharabani and Yair Amit say the attack, dubbed "No iOS Zone", will render vulnerable iOS things within range unstable – or even entirely unusable by triggering constant reboots: https://www.skycure.com/blog/ios-shield-allows-dos-attacks-on-ios-devices/

“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Sharabani told the RSA security conference in San Francisco today.

“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.”

The denial-of-service is triggered by manipulating SSL certificates sent to the iOS devices over Wi-Fi; specially crafted data will cause apps or possibly the operating system to crash.

"As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability," the pair explained.

It is a choice attack for disrupting political events, or at financial hubs like Wall Street, Sharabani suggested. Neither Apple nor Skycure have seen the vulnerability exploited in the wild, but the pair predict more of these kind of attacks in the future.

The duo are still working with Apple to address the security hole, Amit told El Reg. He praised the California giant for its quick response in attempting to tackle the No iOS Zone vulnerability.

He also said the attack can be combined with HTTP request hijacking to trick iOS apps into pulling information from an attacker's servers, allowing the miscreant to compromise the software by feeding it bad data.

The duo's slide deck on the wireless attack can be downloaded as a PDF, here: https://www.rsaconference.com/writable/presentations/file_upload/mbs-t09--mobile-vulnerabilities-from-data-breach-to-complete-shutdown.pdf

(ElReg)

Samker's Computer Forum - SCforum.info

Sponsored Links:




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising