iPhone’s potentially ‘catastrophic’ weakness allows targeted attacks
“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,”Adi Sharabani, a researcher with the firm Skycure, told attendees at the RSA security conference in San Francisco this week, The Registerreportedon Wednesday.
In a blog post, Skycure said the exploit is achieved by first tricking a targeted device running the iOS operating system into accepting a specifically crafted SSL certificate. This is a type of digital key that devices and applications use to securely communicate. It then regenerates a bug embedded in the certificate when the app is launched that forces it to crash.
— Skycure (@SkycureSecurity) April 21, 2015
Developers often like to implement SSL due to its good security record. Skycure said the potential range of attack is very wide. SSL is widespread among iPhone apps and popular social networking services, the researchers said, meaning that an affected phone will be rendered useless.
At the RSA conference, a team from Skycure acknowledged that a victim must first connected to a malicious Wi-Fi network in order to be sent the phony certificate. By implementing a previously discovered vulnerability that forces iOS devices to connect to bad networks, the researchers said they can trick iPhones into receiving the certificate.
System processes conducted automatically on iOS systems also use SSL, Skycure said, meaning a phone that’s tricked into connecting to the malicious network will crash anything in its range.
The result is a “No iOS Zone” in Skycure terminology, which could be used in theory to prevent every Apple device in a targeted area from achieving even basic functionality.
“Victims in range cannot do anything about it,” Skycure said. “Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.”
At the RSA convention, Skycure said the weakness could be used to stop every iPhone user in a governmental or military facility from using their device to communicate.
— Chris Fucanan (@chrisfucanan) April 21, 2015
“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.”
Skycure said they first approached Apple about the vulnerability last November and remain in discussions concerning the weakness. On the firm’s blog, they said they’re refraining from disclosing any more details publically about the attack since the Silicon Valley giant hasn’t confirmed whether the issue has been fully fixed. The firms says there were around 120 known iOS vulnerabilities identified last year, and that figure is expected to grow to 170 by the end of 2015.