Researchers stumbled upon a vulnerability recently that can force any iPhone or iPad into a perpetual reboot loop.
The issue stems from what researchers are calling an SSL certificate parsing vulnerability in iOS 8.0, something Apple is apparently aware of and in the process of fixing.
Yair Amit, cofounder at the Israeli security firm Skycure, and Adi Sharabani, the company’s CEO, demonstrated the vulnerability in a presentation at the RSA Conference in San Francisco on Tuesday afternoon. The two claim they found the bug while trying to demonstrate another attack, one of the network-based variety. After installing a new router and configuring it a special way, team members in the room noticed some of their iOS apps randomly begin to crash.
After developing a script to exploit the bug over a network interface, researchers found they could repeatedly crash apps.
“Under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless,” Amit wrote in a blog entry describing the bug Tuesday.
https://www.youtube.com/watch?v=PmgI0LaFYLA
The bug actually needs another WiFi vulnerability to work – but if that condition was in place, an attacker could make their own “no iOS zones,” so-to-speak, areas where any devices on iOS could repeatedly crash.
The WiFi issue Skycure used in tandem with its certificate parsing vulnerability actually dates back to 2013. Researchers at the firm found a way to craft their own network and force external devices to connect to it automatically. Dubbed WiFiGate, the vulnerability could get a user to connect to an attacker’s dummy WiFi without their consent.
“Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will,” Amit said.
The bug could theoretically affect any iOS app that uses SSL certificates, or most apps.
Amit, who claims the bug could have a potentially serious business impact and lead to widespread DDoS attacks, has reported it to Apple but as the company hasn’t contacted Skycure regarding a fix yet, he’s pumping the brakes on divulging any further information about the attack.
While it’s unclear when this issue will get fixed by Apple, the company did address a bevy of issues in iOS two weeks ago, including another bug – the Phantom vulnerability – that could’ve forced iPhones into an endless reboot. That issue, a proxy manipulating bug, could have enabled an attacker to tweak an iPhone user’s proxy settings over WiFi.