
Apple Vulnerability Solution? RUN!


At the 2015 RSA Conference this month, CEO Adi Sharabani and CTO Yair Amit, both co-founders of Skycure, talked about a new vulnerability in the iOS 8 software that is amazingly annoying. What is the Apple vulnerability solution? RUN!

This security hole has been dubbed the “No iOS Zone”.

Skycure is a leader in mobile threat defence solutions. As offense is a crucial part of any defence solution, their team is responsible for frequently performing experiments to check how mobile devices behave in various scenarios. One day, after setting a router in a specific configuration and connecting devices to it, the team witnessed the sudden crash of an iOS app.

Others in the team with iPhones also began to have issues, showing that only users of Apple devices were getting hit.

 


Playing around with it, they figured out that the issue involves SSL (Secure Sockets Layer, an encryption security system). They began to write a script that could be used in a network scenario, and the “No iOS Zone” was born.

In 2013, Skycure disclosed another vulnerability, which they called WiFiGate. On the company blog, Yair wrote:

“In a nutshell, the impact was that an attacker could create their own network, and force external devices to automatically connect to it. Combining techniques such as WiFiGate or Karma attacks with this new discovery can allow an attacker to form a “No iOS Zone”. Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.”

In the worst-case scenario, the device is caught in an infinite loop. Even though you are now aware that it has to do with networks, once the loop hits it will not allow you to even attempt to turn off the network.

Skycure quickly made Apple aware, and the two companies have been working to fix this issue. As of the iOS 8.3 update, some of the issue has been resolved. It was reported in October of last year and is still not 100% resolved!

Users might be able to avoid exploitation of this vulnerability in a number of ways:

  1. If you experience continuous crashing or rebooting, disconnect from the bad Wi-Fi network or move away from the location where you have the issue.
  2. The latest iOS 8.3 update “might have fixed” a few of the mentioned threats. Users are highly advised to upgrade to the latest version.
  3. In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network. Make sure to check that “Auto-Connect” is off. To do so, follow this guide:

Go into Settings and tap Wi-Fi. In the Wi-Fi settings you should see “Ask to Join Network”; turn it off. If you have used public networks before, or any others you aren’t sure about, make sure you remove them from the list of known networks to avoid any issues. Find the name of the network in the list, tap on it and, when it prompts you, hit “Forget”.

You will now have a better chance to avoid this vulnerability, MAYBE!


Safe surfing!