Saturday , July 31 2021
Home / Tyler Durden /Rogue Hotspot Can “Permanently” Break iPhone WiFi Functionality 

Rogue Hotspot Can “Permanently” Break iPhone WiFi Functionality 

Summary:
Security researcher Carl Schou discovered a bug in Apple's iOS that can disable an iPhone's ability to connect to hotspots after joining a WiFi with the SSID "%p%s%s%s%s%n."Schou tweeted, "after joining my personal WiFi with the SSID "%p%s%s%s%s%n", my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~)." After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3 — Carl Schou (@vm_call) June 18, 2021Schou told BleepingComputer that he conducted the test on an iPhone XS, running iOS version 14.4.2. BleepingComputer confirmed the test on an iPhone running iOS 14.6. They said the iPhone's wireless functionality

Topics:
Tyler Durden considers the following as important:

This could be interesting, too:

Tyler Durden writes Disband The FBI

Tyler Durden writes Autonomous Race Cars To Compete At Indianapolis Motor Speedway 

Tyler Durden writes Beer & Exercise – Just Do It!

Tyler Durden writes Countdown To The Next Lockdown: Biden Says “In All Probability” US Will See More Restrictions

Security researcher Carl Schou discovered a bug in Apple's iOS that can disable an iPhone's ability to connect to hotspots after joining a WiFi with the SSID "%p%s%s%s%s%n."

Schou tweeted, "after joining my personal WiFi with the SSID "%p%s%s%s%s%n", my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~)." 

Schou told BleepingComputer that he conducted the test on an iPhone XS, running iOS version 14.4.2. BleepingComputer confirmed the test on an iPhone running iOS 14.6. They said the iPhone's wireless functionality would break after connecting to %p%s%s%s%s%n.

What this looks like is a format string bug issue, which is unusual these days. After the iPhone connected to the strangely worded hotspot, the smartphone failed at connecting to other hotspots. Android devices connected to the hotspot but didn't experience the same problem as iPhones.

A bug like this could be exploited by criminal actors who create unsecured WiFi hotspots called %p%s%s%s%s%n in a populated area and would wreak havoc on iPhone users trying to connect. 

BleepingComputer says this is a "string formatting vulnerability." 

Other security researchers who saw Schou's tweet and analyzed the crash report believe that an input parsing issue likely causes this bug.

When a string with "%" signs exists in WiFi hotspot names, iOS may be mistakenly interpreting the letters following "%" as string-format specifiers when they are not.

In C and C-style languages, string format specifiers have a special meaning and are processed by the language compiler as a variable name or a command rather than just text.

For example, the following printf command does not actually print the "%n" character but stores the number of characters (10) preceding %n into the variable "c."

The "%n" is merely a format specifier and not an actual text string. As such, the output of the following line will simply be "geeks for geeks," with no mention of "%n."

The good news is there's a fix that requires a reset of iOS network settings. 

While this bug is not widely known yet, imagine if malicious actors set up fake hotspots across dense metro areas and caused a WiFi crisis among iPhone users... Apple should really look into this bug. 

Tyler Durden
Tyler Durden (a pseudonym) represents the idea that a return to truly efficient markets is a possibility and a necessity. After having experienced the inner workings of capitalism at various asset managers and advisors, Tyler believes that the current model is flawed and a deleveraging at every level of modern society is needed to reinspire the fundamental entrepreneurial spirit.

Leave a Reply

Your email address will not be published. Required fields are marked *