14 DAY TRIAL // The iOS 1970 bug that can brick your devices is back and with a twist, with two security researchers now saying they were able to craft an automated exploit that can leverage the same issue via network connections, without needing access to a user's phone.
Back in February, users started reporting on Reddit about a new bug that manifested when they set their iPhone's date to January 1, 1970. Users were complaining that, after a phone reset, their iPhone would be stuck in the Apple logo screen and eventually stop working altogether.
Apple confirmed the issue and provided a bugfix for this issue when it released iOS 9.3.1 at the end of March.
Researchers waited weeks to publish the exploit
After waiting for more than a month so that Apple users could update their devices, two security researchers, Patrick Kelley from PacketSled and Matt Harrigan from Critical Assets, have now presented details about the research they carried out a few weeks back.
The two say their interest was captured by the 1970 bug due to its almost immediately and irreversible device bricking capability. As security researchers are taught to explore all attack vectors, the two started working on a method of exploiting this bug from remote locations, without having to touch or manipulate a user's iOS device.
Kelley and Harrigan discovered that they could create a malicious WiFi network to which iOS devices could connect. They could run an NTP (Network Time Protocol) server on this rogue WiFi network that would listen to time syncing requests made to time.apple.com.
A rogue NTP server can trick your iOS device into thinking its 1970
Their malicious NTP server would reply to this request telling the iOS device that the current date was December 31, 1969, 23:59:00.
If the device was running an iOS version vulnerable to the 1970 bug, after a minute, the device would reach the problematic crash date.
Researchers are claiming that iOS devices, both iPhones and iPads, would not crash immediately, like in the original scenario, but would slowly start to heat up and become unresponsive.
It takes about 20 minutes to brick iOS devices with the 1970 remote exploit
After around 20 minutes, the devices would reach critical temperatures, the battery would die, and the iPhone or iPad would be destroyed for good.
Kelley and Harrigan recommend that users update as soon as possible to iOS 9.3.1. Those who haven't upgraded yet should set their devices so they won't automatically connect to WiFi networks they don't trust. A better solution would be to turn off WiFi altogether and manually connect to each network.
The two are also warning against the risk of devices catching fire, since the battery's temperature during this exploit reaches dangerously high levels.
Below is a proof-of-concept video for the new iOS 1970 bug exploitable via network connections and a video of the original bug as reference.
