Last week, San Francisco played host to the RSA Conference, one of the most important international security conferences. A lot of research has been made public and we will no doubt hear about the most interesting aspects (if we haven’t already) over the next few weeks.
Research relating to smartphones and other mobile devices always generates a lot of expectations, and in this respect, the RSAC is no exception.
Two researchers surprised people by demonstrating how they could carry out a denial of service (DoS) attack on iOS devices, the sole requirement being for the devices to be situated close to a specially prepared Wi-Fi access point. Let’s take a closer look at the vulnerability named No iOS Zone.
The history of this research
Researchers Yar Amit and Adi Sharabani from the company SkySecure say on their blog that it all started one day when they were preparing a demonstration of a network-based attack and were configuring a new router. After doing so in a specific way, they realised that one of the iOS apps was hanging.
The surprising thing came later, when other users also began to notice their apps installed on iOS devices failing. The surprises continued when they realised that this error only affected apps installed on iOS – obviously something strange was happening on those devices when this router was nearby. So the researchers got started on the task of trying to figure out what the root of the problem was.
In a nutshell, they discovered that by generating an SSL certificate in a certain way, an attacker could reproduce this error and cause apps that use the SSL protocol to communicate to hang. Due to the serious nature of this error and its potentially huge impact, they rushed to create a script exploiting this vulnerability in order to inform Apple about it, so the IT giant would be able to take the necessary measures to resolve it.
As a patch is yet to appear, the researchers did not provide too many technical details about this vulnerability, in case anyone with malicious intentions should use the information to try and reproduce it, causing major problems for iOS users.
Impact on affected systems
The most obvious effect, which can be seen in the videos posted online, is the blocking and hanging not only of apps but also of the operating system itself. This can cause problems such as the device entering a loop of restarts, rendering it unusable as long as the attack continues.
The problem becomes further complicated for iOS users if this vulnerability is combined with another attack called WiFiGate, which was discovered by the same team of researchers in 2013. To sum up, this attack would make it possible to create a network which would force certain types of devices to connect to it automatically.
The combination of the two techniques could create an area in which iOS devices could not be used, hence the name given to it by the researchers: No iOS Zone. It would only depend on configuring a device in such a way that it automatically detects iOS devices within its range and forces them to connect to its network. Once they are connected to the network, the attacker can cause the mobile devices to restart continuously until they leave its range.
Impact and solutions
The impact of such a vulnerability is theoretically quite wide. As iOS devices would be rendered practically unusable, attackers could create black spots in certain areas of interest to them with large quantities of iPhones and iPads, such as business centers, conference centres, universities, and Starbucks coffee shops, just to name a few examples.
Luckily, once again we can thank a group of researchers for discovering this vulnerability and reporting it to Apple in a responsible way. This way, users will be able to update their systems when a patch becomes available, preventing people with dubious intentions from taking advantage of this security flaw.
This article first appeared on Eset’s WeLiveSecurity blog. Eset is distributed in New Zealand by Chillisoft.