A wi-fi network naming bug has been learned in Apple’s iOS functioning procedure that correctly disables an iPhone’s means to join to a Wi-Fi network.
The issue was spotted by security researcher Carl Schou, who observed that the phone’s Wi-Fi features will get permanently disabled immediately after becoming a member of a Wi-Fi network with the abnormal name “%p%s%s%s%s%n” even after rebooting the phone or modifying the network’s identify (i.e., assistance established identifier or SSID).
The bug could have really serious implications in that poor actors could exploit the issue to plant fraudulent Wi-Fi hotspots with the name in query to break the device’s wi-fi networking functions.
Right after signing up for my private WiFi with the SSID “%p%s%s%s%s%n”, my iPhone completely disabled it can be WiFi operation. Neither rebooting nor switching SSID fixes it :~) pic.twitter.com/2eue90JFu3
— Carl Schou (@vm_connect with) June 18, 2021
The issue stems from a string formatting bug in the method iOS parses the SSID enter, triggering a denial of services in the process, according to Zhi Zhou, a senior security engineer at Ant Financial Mild-Yr Security Labs in a limited investigation posted on Saturday.
“For the exploitability, it would not echo and the rest of the parameters never appear to be like to be controllable. As a result I do not assume this situation is exploitable,” Zhou observed. “Immediately after all, to trigger this bug, you will need to join to that WiFi, where the SSID is seen to the victim. A phishing Wi-Fi portal webpage may as well be more powerful.”
Although the issue isn’t really reproducible on Android products, iPhones that have been afflicted by the challenge would need to have to have their iOS network configurations reset by going to Settings > Basic > Reset > Reset Network Configurations and verify the motion.
Located this article interesting? Adhere to THN on Fb, Twitter and LinkedIn to study much more distinctive articles we put up.
Some parts of this article are sourced from:
thehackernews.com