Researchers discover iOS-crashing Wi-Fi attack

April 23, 2015 // 1:06 p.m.

Tags: #adi-sharabani #apple #apple-tv #insecurity #ios #ios-8 #ios-83 #ipad #iphone #ipod-touch #os-x #security #skycure #ssl #tls #vulnerability #yair-amit

A security firm has unveiled a new vulnerability in Apple's iOS 8 mobile operating system which can create an iDevice exclusion zone by sending a malicious SSL certificate over a Wi-Fi network.

Discovered by Yair Amit and Adi Sharabani of security firm Skycure, the vulnerability affects only iOS devices with Apple's mainstream OS X platform seemingly immune to the flaw. Using a custom-configured wireless router, Amit and Sharabani were able to crash any application on the device which attempts to use a secure SSL/TLS connection while connected to the router. 'As SSL is a security best practice and is utilised in almost all apps in the Apple app store, the attack surface is very wide,' noted Amit in his write-up of the vulnerability. 'We knew that any delay in patching the vulnerability could lead to a serious business impact: an organised denial of service (DoS) attack can lead to big losses.'

The flaw crashes SSL/TLS-secure applications immediately, but the problem extends still deeper. 'An even more interesting impact of the SSL certificate parsing vulnerability is that it actually affects the underlying iOS operating system,' wrote Amit. 'With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless.

'The aforementioned is interesting in particular, as it puts the victim’s device in an unusable state for as long as the attack impacts a device. Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state. Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.'

While Skycure, a company which specialises in mobile security, may be over-egging the pudding somewhat - especially as Amit's write-up indicates that the flaw has yet to be tested on iOS 8.3, the latest release of Apple's mobile operating system - there's no denying that it's a potentially serious vulnerability. Thankfully, it's one Apple is actively investigating - and Skycure, practising responsible disclosure, is holding off on releasing technical details of the attack until a patch can be developed and distributed.
Discuss this in the forums

QUICK COMMENT

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU