Novelty iPhone Wi-Fi hack morphs into a more dangerous malicious attack
Amichai Shulman, CTO of wireless security specialist AirEye, stated that “Our research team was able to construct the network name in a way that does not expose the user to the weird characters, making it look like a legitimate, existing network name.” That is a big deal because without the flashing red light of a network named %p%s%s%s%s%n warning an iPhone user to stay away, they could easily find themselves syncing with a malicious Wi-Fi network.
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~)
— Carl Schou (@vm_call) June 18, 2021
Shulman says, “Since the attack traffic is not part of the corporate network, Firewalls, NACs and Secure WLANs do not protect against this type of attack and most traditional network security solutions remain completely oblivious to it. Attack traffic can be sent over channels that are not used for corporate network traffic. Consequently, the attack goes undetected by network security solutions and does not leave any trace in the forensics and networking logs.”
Will Apple push out a patch in the upcoming iOS 14.7 build currently being beta tested?
Shulman adds that Apple’s MacBooks could also be vulnerable, and that format string flaws can also be created for devices running Android, Windows and Linux. “Airborne attacks are new and an as-yet unaddressed threat vector. Given their stealthy nature we’re bound to see more such attacks,” the chief technical officer says.
All Apple iPhone models running iOS 14 are considered at risk.
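To make the "format string flaw" label concrete from the defender's side, here is an added example (not code from the article, AirEye or Apple) that counts printf-style directives in an SSID and logs the name as data rather than as a format. It assumes the flaw class is an SSID reaching a printf-style format argument, which the article does not detail; the function names are hypothetical and the sample SSIDs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32  /* 802.11 SSIDs are at most 32 bytes, not NUL-terminated */

static int in_set(unsigned char c, const char *set)
{
    return c != 0 && strchr(set, c) != NULL;  /* strchr would match the NUL */
}

/* Count printf-style conversion directives in an SSID.
 * "%%" is a literal percent sign; a trailing lone '%' is not a directive. */
int ssid_format_directives(const unsigned char *ssid, size_t len)
{
    int count = 0;
    size_t i = 0;
    while (i < len) {
        if (ssid[i++] != '%')
            continue;
        if (i < len && ssid[i] == '%') { i++; continue; }
        /* skip flags, width, precision and length modifiers */
        while (i < len && in_set(ssid[i], "-+ #0123456789.*$hlqjztL'"))
            i++;
        /* '@' is the object specifier in Foundation format strings */
        if (i < len && in_set(ssid[i], "diouxXeEfFgGaAcspnCS@")) { count++; i++; }
    }
    return count;
}

/* Hardened logging: fixed format, SSID passed as an argument with an explicit
 * length. The flawed pattern is snprintf(out, outlen, (const char *)ssid). */
int log_ssid_safe(char *out, size_t outlen, const unsigned char *ssid, size_t len)
{
    if (len > SSID_MAX) len = SSID_MAX;
    return snprintf(out, outlen, "joined ssid=\"%.*s\" directives=%d",
                    (int)len, (const char *)ssid, ssid_format_directives(ssid, len));
}

int main(void)
{
    /* Constructed sample SSIDs, including the one from the tweet above. */
    const char *samples[] = { "%p%s%s%s%s%n", "HomeNet 100%", "50%% off" };
    char line[96];
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        log_ssid_safe(line, sizeof line, (const unsigned char *)samples[k], strlen(samples[k]));
        puts(line);
    }
    return 0;
}
```

A nonzero count is a signal worth alerting on in wireless scan data, though a name crafted to look legitimate, as AirEye describes, may need stricter rules than this sketch applies.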