A mobile security research firm was setting up a new router to demonstrate a network-based attack, but during its preparations, researchers noticed the devices running iOS apps started to crash.
The researchers at Skycure dug deeper and found out how attackers could "regenerate a bug and cause apps that perform SSL communication to crash at will." Almost every app runs SSL communication, it noted.
"With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide," Yair Amit, Skycure cofounder and its chief technology officer, wrote of the problem. "We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses."
"With heavy use of devices exposed to the vulnerability, the operating system crashes as well," Amit said. "Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless."
Here's a look at an iPhone in an endless reboot:
Amit went on to say that this issue can be combined with another vulnerability that automatically connects nearby devices to a Wi-Fi network, without user permission or knowledge. In doing this, he said attackers could then crash iOS devices and form a "No iOS Zone."
"Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again," Amit wrote. "Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic."
Skycure said it is working with Apple to fix this vulnerability, but in the mean time it recommends users take these steps for added safety:
- Users should disconnect from the bad Wi-Fi network or change their location in case they experience continuous crashing or rebooting.
- The latest iOS 8.3 update might have fixed a few of the mentioned threats–users are highly advised to upgrade to the latest version.
- In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.
Skycure presented their findings on this "brand new mobile vulnerability that allows remote DoS and complete device shutdown" at the RSA Conference in San Francisco this week.