Security firm shows how to crash an iPhone with a wireless DoS attack

Another reason to connect your phone or tablet only to Wi-Fi networks you know and trust: An SSL certificate exploit could put your device in an unusable state.

It's highly unlikely that people have experienced this on their iPhone or iPad, but it's possible that iOS app crashes could be due to a wireless denial of service (DoS) attack. That's because SkyCure, a mobile device security company, has actually replicated the attack and explained it as high level during the 2015 RSA Conference. Even worse, the attack can cause an endless reboot of your iPhone.

SkyCure has kept the technical details to a minimum becuase it doesn't want to provide would-be attackers with the exact method. And the company says it is working with Apple to help remove the potential vulnerability in iOS 8.

For the DoS to actually happen, a Wi-Fi router would need to be setup with a "specific configuration," according to SkyCure's blog post on the situation. A particuarly designed SSL certificate would be required for a hacker to perform the DoS, with a script exploiting this particuarly bug that SkyCure says is within iOS 8 and the apps on it:

"With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses."

How might the exploit be implemented? Once an iPhone or iPad is connected to the Wi-Fi router that's set up to exploit the bug, any iOS apps that rely on SSL communications would simply crash in a way that could makee the iOS device unusable. You can't even disconnect from the offending Wi-Fi network, notes SkyCure, which has used the exploit to force an iPhone into an endless boot cycle.

Again, the exploit is an unlikely circumstance. And my immediate thought for if this were to happen would be to get my device out of range from the Wi-Fi router; ideally, that would cause the DoS attack to cease. This also reinforces the common sense notion to connect only to known Wi-Fi networks, no matter what phone, tablet or computer you use.

Regardless, no exploit is a good exploit, so if Apple agrees with SkyCure's analysis, I'd expect some sort of patch in a future iOS 8 software update.

techrepublic

How Sephora is leveraging AR and AI to transform retail and help customers buy cosmetics

Beauty retailer Sephora followed customer technology trends to command the cosmetic industry worldwide. Here's an inside look at its successful digital transformation.

Read More

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All