A new threat targeting iOS devices has been discovered by security researchers Patrick Kelly and Matt Harrigan, promising to “brick” your iPhone or iPad if you happen to log onto malicious Wi-Fi networks.
Why would anyone log onto a malicious Wi-Fi network? Because by exploiting the auto-reconnect feature found on iOS — whereby your Apple device will automatically log into Wi-Fi networks it thinks it’s previously connected to — you might not even realize it’s happening.
Until it’s too late, of course.
As the security experts note:
“For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called ‘attwifi.’ But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.
From an attacker’s perspective, this is a golden opportunity. Why? He only needs to advertise a fake open network called ‘attwifi’ at a spot where large numbers of computer users are known to congregate. Using specialized hardware to amplify his Wi-Fi signal, he can force many users to connect to his (evil) ‘attwifi’ hotspot. From there, he can attempt to inspect, modify or redirect any network traffic for any iPads or other devices that unwittingly connect to his evil network.”
After you’ve connected to the sinister W-iFi network, your innocent iPad or iPhone can be made to remotely set its time and date to January 1, 1970: a bug discovered earlier this year which, bizarrely, will render your Apple device so broken even a DFU restore won’t bring it back to life.
Fortunately, there’s a solution to this problem — provided you’ve not yet been targeted, that is. That solution? Update your iPhone to version 9.3.1 or newer to stop the “1970” bug being able to take hold. Until Apple comes up with a way to solve the rogue Wi-Fi problem, there’s always the chance another sort of malicious attack could take place, though.
Source: Krebs on Security
Via: The Next Web