iOS Wi-Fi vulnerability leaves devices without Wi-Fi functionality

[leadeater]

31 minutes ago, StDragon said:

In response to both @Jet_ski @BondiBlue; I'm reading conflicting info online elsewhere to that same reasoning. Some say it just has to read the SSID once in range while others state you must explicitly attempt to connect to it.

At this point I will err on the side of caution and just disable WiFi within the iOS Settings Menu until Apple provides an iOS update.

Hmm would be good to get some clarification around that, hope it's actually trying to connect that causes it and not simply being in range.

[wanderingfool2]

6 hours ago, leadeater said:

Hmm would be good to get some clarification around that, hope it's actually trying to connect that causes it and not simply being in range.

Yea clarification would help...hoping someone has an iPhone here and can check (a spare iPhone).

 

I think the confusion is around the fact that a few weeks ago there was a similar thing where you had to join a network, but then there was a tweet regarding hosting a public wifi with a different string.  Specifically this one

 

But in the thread there seems to be discussion that it's a bit finicky (not all iPhones are susceptible).

[wanderingfool2]

On 7/6/2021 at 9:20 AM, leadeater said:

Hmm would be good to get some clarification around that, hope it's actually trying to connect that causes it and not simply being in range.

Okay, from what I've seen/heard of this now.  It isn't about simply being in range.  If they have their iPhones set to auto-join networks then they could be in trouble (depending which version of phone they are running).

 

Although, I don't use iPhone enough, is auto-join public wifi networks on by default or do users have to turn it on?  (I'd imagine it is off, but I could be wrong).

 

The potential attack being that someone sets up an unprotected hotspot with that name, and people join it [manually or automatically] (and since it's saved in the backup, you have to use a backup prior to being exposed)/

[RejZoR]

7 hours ago, wanderingfool2 said:

Okay, from what I've seen/heard of this now.  It isn't about simply being in range.  If they have their iPhones set to auto-join networks then they could be in trouble (depending which version of phone they are running).

 

Although, I don't use iPhone enough, is auto-join public wifi networks on by default or do users have to turn it on?  (I'd imagine it is off, but I could be wrong).

 

The potential attack being that someone sets up an unprotected hotspot with that name, and people join it [manually or automatically] (and since it's saved in the backup, you have to use a backup prior to being exposed)/

It's off by default, but is set to notify user about open nearby networks. I just want to know who are people that connect to random bizarre named WiFi networks and managed to survive this long without any incidents.

[StDragon]

1 hour ago, RejZoR said:

It's off by default, but is set to notify user about open nearby networks. I just want to know who are people that connect to random bizarre named WiFi networks and managed to survive this long without any incidents.

Children . I could see such a scenario where they are playing on an iPad and that pops up on the screen. Of course they will tap on it

[RejZoR]

24 minutes ago, StDragon said:

Children . I could see such a scenario where they are playing on an iPad and that pops up on the screen. Of course they will tap on it

iirc it doens't just directly connect you, it just takes you to WiFi settings and then you decide. Still, yeah, some people just click/tap anything.

[AnonymousGuy]

I still hear the legend of my coworkers sending the text of death to my other coworkers and constantly bricking their phones.

[Rolling2405]

On 7/4/2021 at 1:32 PM, BondiBlue said:

The device does not need to connect to the network; it simply needs to be in range. A hard reset seems to be required to fix the devices, so users would have to use cellular data or USB to backup their data. 

Even if they come in range and even if they connect, can't they just move out of range of the network and it will be fixed?