Apps relying on SSL communication can also be crashed

Apr 22, 2015 14:21 GMT  ·  By

An attacker can send iOS devices connected to a Wi-Fi hotspot they control into a crash loop by leveraging a bug in iOS 8 touching on faulty parsing of SSL certificates.

SSL (Secure Sockets Layer) is used by both the operating system and numerous mobile apps to ensure secure communication between the client and the intended server.

Devices can be forced to connect to rogue Wi-Fi

The glitch was discovered by researchers at Skycure Mobile Security, who noticed that an app sending encrypted traffic to its server would crash when the device connected to a router was configured in a particular way.

Researchers pinpointed the source of the trouble and found that by using a specially crafted SSL certificate they could create a denial-of-service (DoS) condition on iOS apps communicating via SSL.

Since iOS itself relies on SSL for secure communication, the bug also affects the operating system, causing iPhones, iPads and iPods to crash continuously for as long as they stay connected to the malicious wireless network.

Forcing a user to connect to a bad Wi-Fi is not difficult and multiple methods exist. One of them is the Evil Twin attack, where the attacker impersonates a legitimate access point (AP) and clients connect to it automatically. This can be achieved by spoofing AP identifiers (SSID, BSSID) or attributes.

Apple did not confirm delivery of complete fix in iOS 8.3

Because the devices are inoperable within the range of the rogue Wi-Fi hotspot, Skycure dubbed the vulnerability “No-iOS Zone.”

In a blog post on Wednesday, the researchers offered an attack scenario that involved forcing iOS devices in an area, such as an airport, Wall Street or a utility plant, to connect to a fake AP and crash them. “The results would be catastrophic,” they warned.

Adi Sharabani and Yair Amit (Skycure co-founders), who presented the vulnerability on Tuesday, at the RSA security conference in San Francisco, say that victims are unable to disable the Wi-Fi interface between the reboots, as demonstrated in a demo video available below the article.

The vulnerability has been disclosed to Apple, who has yet to confirm that a complete patch has been delivered in the security update for iOS 8.3. Skycure recommends updating to this version of the OS saying that Apple might have fixed a few of the disclosed threats.

SSL certificate parsing bug causes iPhone to crash continuously:

Bug affects multiple mobile apps: