iOS Wi-Fi vulnerability leaves devices without Wi-Fi functionality

[BondiBlue]

Note: Please do not try this yourself. If you do please know that you are doing so at your own risk, and it's up to you to deal with whatever happens to your device. I'm not responsible, the forum staff aren't responsible, and nobody else is responsible. 

 

Summary

Using a specially named Wi-Fi SSID it is possible to disable Wi-Fi functionality of all nearby iPhones. The problem can't be fixed by resetting network settings, requiring the user to reset the entire device.

 

When iOS devices (iPhones have been used for testing) find a Wi-Fi network with the SSID of '%secretclub%power' they'll lose Wi-Fi functionality entirely. Wi-Fi can't be turned on, and features that use it can't be accessed. The device does not need to connect to the network; it simply needs to be in range. A hard reset seems to be required to fix the devices, so users would have to use cellular data or USB to backup their data. 

 

Quotes

Quote

"Schou tweeted today that if an iPhone comes in range of a Wi-Fi network named ‘%secretclub%power’, then that iPhone will no longer be able to use Wi-Fi or Wi-Fi related features. Schuo even says that this bug persists when resetting network settings." - 9to5Mac

 

My thoughts

This is definitely something that needs to be addressed. Most users simply leave Wi-Fi turned on even when they're not using it, so lots of people could be affected without warning. It's especially worrying given how easy this is to exploit.

 

Sources

9to5Mac Article

 

 

Edit: Apparently this may not be an issue if your device doesn't connect to the Wi-Fi network. I don't have any spare iOS devices to test it with right now, but hopefully there will be some clarification soon.

[da na]

Nice.

Good thing I literally never turn wifi on on my phone... Does it work for all iOS versions? Is my beloved (and heavily modded) IP4S safe?

[pythonmegapixel]

They better get this patched pretty quick. Now that it's been publicised you know there'll be some troublemakers who will take advantage of it, to the chagrin of any iPhone users in the area.

 

After all it's not exactly difficult to set up a Wi-Fi network with whatever SSID you like. It's even easier if the network doesn't actually need to work properly.

[BuckGup]

I need to find a college campus ASAP and then do iPhone repairs for WiFi issues. 

[Salv8 (sam)]

41 minutes ago, pythonmegapixel said:

Now that it's been publicised you know there'll be some troublemakers who will take advantage of it, to the chagrin of any iPhone users in the area.

*gets evil grin*

its so good to be bad!

[8tg]

6 minutes ago, Salv8 (sam) said:

*gets evil grin*

its so good to be bad!

What is this comment? Did you time travel from 2011 or something?

[Forbidden Wafer]

**My hand is itching**

[Human1235234]

Maybe don't spread the name...

[BondiBlue]

6 minutes ago, Human1235234 said:

Maybe don't spread the name...

It's already been made public in multiple places. Excluding it from my post would have been pointless. 

[Human1235234]

Just now, BondiBlue said:

It's already been made public in multiple places. Excluding it from my post would have been pointless. 

Fair enough

[Belgarathian]

1 hour ago, pythonmegapixel said:

They better get this patched pretty quick. Now that it's been publicised you know there'll be some troublemakers who will take advantage of it, to the chagrin of any iPhone users in the area.

 

After all it's not exactly difficult to set up a Wi-Fi network with whatever SSID you like. It's even easier if the network doesn't actually need to work properly.

Some 12 year old for shits and giggles. The little shit.

[The_russian]

Looks like the researcher only contacted Apple about the bug in mid-June, isn't it standard practice to give a company 30 days notice (or 90 for a more severe security bug) before releasing info to the public to give the company time to implement a fix? I'm all for people trying to find bugs and flaws, but there's a proper way to go about disclosing it. 

[Human1235234]

At least it doesn't seem to disable it immediately.

[BondiBlue]

1 hour ago, Human1235234 said:

At least it doesn't seem to disable it immediately.

It doesn't?

[Fasterthannothing]

Imagine the chaos if someone was just riding around college campuses or malls with a wifi hotspot named this. Like this might just be dumbest vulnerability I've seen because it's too easy to replicate. You know some punk kid is going to do it in school or at the mall or something for giggles. I mean on the other hand at least iphone backups are easy. This needs to be fixed ASAP.

[da na]

2 hours ago, BondiBlue said:

It's already been made public in multiple places. Excluding it from my post would have been pointless. 

I almost want to do this to troll my family but will resist because I like existing.

[BondiBlue]

7 minutes ago, Mel0nMan said:

I almost want to do this to troll my family but will resist because I like existing.

I shouldn't have to remind people that this should not be done. 

[Zodiark1593]

2 hours ago, The_russian said:

Looks like the researcher only contacted Apple about the bug in mid-June, isn't it standard practice to give a company 30 days notice (or 90 for a more severe security bug) before releasing info to the public to give the company time to implement a fix? I'm all for people trying to find bugs and flaws, but there's a proper way to go about disclosing it. 

Standard-practice doesn’t mean it’s law. A researcher can disclose whatever vulnerability they feel like. There’s nothing stopping disclosures if a researcher deems it necessary, or wishes to cause damage. 

[The_russian]

1 minute ago, Zodiark1593 said:

Standard-practice doesn’t mean it’s law. A researcher can disclose whatever vulnerability they feel like. There’s nothing stopping disclosures if a researcher deems it necessary, or wishes to cause damage. 

I wasn't suggesting it was illegal, just unethical. In my opinion that's one of the things that setups apart actual security researchers from people just looking for internet fame, for lack of a better word. A security researcher actually cares about the security of people's devices and allows a company some time to fix the problem before letting the world know about a bug/flaw, the general industry agreement like I already mentioned seems to be 30 days. Of course like you said they are legally free to disclose whenever they want, it just seems like there might have been a bit of "First!" involved in this disclosure, kind of like "First" YouTube comments, as apposed to actually looking out for the good of people.

[da na]

23 minutes ago, BondiBlue said:

I shouldn't have to remind people that this should not be done. 

Of course I'm not actually going to do that, I should have been clearer.

[Human1235234]

1 hour ago, BondiBlue said:

It doesn't?

Not the way I tested it.

[mr moose]

So I can't help but wonder how something like this even becomes a thing?  I mean, being able to kill the wifi subsystem when detecting a problem is one thing (and good), but being able to trigger it with a mere SSID seems like a novice mistake.

[Forbidden Wafer]

7 minutes ago, mr moose said:

So I can't help but wonder how something like this even becomes a thing?  I mean, being able to kill the wifi subsystem when detecting a problem is one thing (and good), but being able to trigger it with a mere SSID seems like a novice mistake.

This is why fuzzying is a thing and \0 terminated strings are the root of all evil.

[Zodiark1593]

43 minutes ago, The_russian said:

I wasn't suggesting it was illegal, just unethical. In my opinion that's one of the things that setups apart actual security researchers from people just looking for internet fame, for lack of a better word. A security researcher actually cares about the security of people's devices and allows a company some time to fix the problem before letting the world know about a bug/flaw, the general industry agreement like I already mentioned seems to be 30 days. Of course like you said they are legally free to disclose whenever they want, it just seems like there might have been a bit of "First!" involved in this disclosure, kind of like "First" YouTube comments, as apposed to actually looking out for the good of people.

Ethics are highly subjective. The researchers could well have decided that withholding the bug to be more damaging. Maybe they simply disregard ethics entirely. Or like you said, they wanted a “first”. 
 

Doesn’t matter though. There’s no ethical bar to uncovering flaws, nor actual consequence that could be dealt (the industry is remarkably indiscriminate, if you’ve superior and demanded skills, there’s likely a company or three willing to put up with questionable morals to get said skill for a competitive advantage), so from a pragmatic perspective, arguing ethics is pointless. 
 

 

Any idea if this bug affects specific iOS versions? I’ve unlimited data myself, so I have the luxury of not having to rely upon wifi, though I know people I’d have to help where this isn’t the case, and I’m not looking forward to the potential fallout. Further, Apple really needs some pushing (read: a violent shove) to enable OtA updates across all their supported lineup, rather than the exclusive domain of their 5G enabled phones. This is rather an important flaw to fix, and having wifi be central to this bug is not helping Apple make its case for keeping this restriction. 

[The_russian]

7 minutes ago, Zodiark1593 said:

Any idea if this bug affects specific iOS versions?

I've only seen it confirmed on iOS 14.4.2 and 14.6, but that's not saying much since basically every article I looked at all had the same source (tweets from Carl Schou). I can't imagine people are lining up at a chance to break their phone's wifi so I guess that's not too surprising. 

 

12 minutes ago, Zodiark1593 said:

Further, Apple really needs some pushing (read: a violent shove) to enable OtA updates across all their supported lineup, rather than the exclusive domain of their 5G enabled phones. This is rather an important flaw to fix, and having wifi be central to this bug is not helping Apple make its case for keeping this restriction. 

That's an interesting point I didn't think about, certainly not great to have to enable wifi to fix a bug with wifi. Do you know why they require wifi for updates instead of allowing data? I can't think of any of their usual reasons like security applying here.