Crazy iOS security flaw lets attackers crash any iPhone or iPad nearby

[Reefa]

At the RSA Conference held this week in San Francisco, researchers Yair Amit and Adi Sharabani disclosed a dangerous and scary new iOS hack which can cause targeted iPhones or iPads to enter a perpetual reboot loop, effectively rendering the devices all but useless.

Amit and Sharabani, who both work for the mobile security firm Skycure, note that the security flaw exists in iOS 8 and can be triggered via manipulated SSL certificates sent to a device over a WiFi network. What's more, a previous iOS bug disclosed by Skycure, dubbed WiFiGate, enables attackers to create their own WiFi network and "force external devices to automatically connect to it." Taken together, attackers can effectively create what is referred to as a "No iOS Zone."

Skycure writes:

Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.

The research firm adds that even when a victim knows that an errant WiFi connection is wreaking havoc on their device, they can't exit out of the reboot loop to even turn it off. A video demonstration of what the hack looks like on an affected device can be seen below

As it stands now, Skycure has disclosed the attack to Apple but won't provide any more "how-to" details as to keep it out of malicious hands.

networkworld.com