At the RSA Conference 2015 in San Francisco this week, Yair Amit and Adi Sharabani of Skycure demonstrated what they call a “no iOS Zone” – the exploitation of two iOS vulnerabilities that allows attackers to force a constant cycle of reboots on any iOS device within range of a specially configured router, rendering all nearby iPhones and iPads useless.
Yet another SSL flaw
Amit and Sharabani first discovered that all iOS devices connected to their new router – set up to demonstrate a network attack – were repeatedly crashing. They investigated further.
The pair explain in a blog post that “by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses…
“An even more interesting impact of the SSL certificate parsing vulnerability is that it actually affects the underlying iOS operating system. With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle”.
Combine this Wi-Fi attack with the so-called Wi-Fi Gate vulnerability, which forces iOS users to join a particular Wi-Fi network, and you can disable every iOS device in the vicinity, irrespective of whether they’ve chosen to join your network.
The only way to prevent such an attack would be to disconnect from the Wi-Fi network, which you can’t do while your device is constantly rebooting except by leaving the vicinity of the malicious router – literally running away.
If your organisation supports BYOD (bring your own device), you could lose all functionality on every affected device.
As Amit and Sharabani point out, “the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants… would be catastrophic.”