A wi-fi network naming bug has been discovered in Apple’s iOS functioning process that correctly disables an iPhone’s capacity to hook up to a Wi-Fi network.
The issue was noticed by security researcher Carl Schou, who uncovered that the phone’s Wi-Fi functionality gets completely disabled after signing up for a Wi-Fi network with the uncommon identify “%p%s%s%s%s%n” even immediately after rebooting the phone or altering the network’s name (i.e., support established identifier or SSID).
The bug could have significant implications in that negative actors could exploit the issue to plant fraudulent Wi-Fi hotspots with the identify in concern to split the device’s wi-fi networking features.
Just after signing up for my particular WiFi with the SSID “%p%s%s%s%s%n”, my iPhone forever disabled it can be WiFi features. Neither rebooting nor switching SSID fixes it :~) pic.twitter.com/2eue90JFu3
— Carl Schou (@vm_connect with) June 18, 2021
The issue stems from a string formatting bug in the way iOS parses the SSID input, triggering a denial of company in the course of action, in accordance to Zhi Zhou, a senior security engineer at Ant Fiscal Light-weight-Calendar year Security Labs in a short investigation released on Saturday.
“For the exploitability, it doesn’t echo and the rest of the parameters really don’t seem to be like to be controllable. So I do not imagine this circumstance is exploitable,” Zhou famous. “Right after all, to set off this bug, you need to have to link to that WiFi, the place the SSID is obvious to the victim. A phishing Wi-Fi portal web page may well as effectively be additional powerful.”
While the issue isn’t really reproducible on Android products, iPhones that have been impacted by the dilemma would require to have their iOS network settings reset by likely to Configurations > Basic > Reset > Reset Network Configurations and affirm the motion.
Located this short article fascinating? Abide by THN on Fb, Twitter and LinkedIn to read additional distinctive written content we put up.
Some components of this article are sourced from: