iOS 8 vulnerability crashes iPhones and iPads when connected to WiFi

Security researchers have revealed a vulnerability in iOS 8 that leaves iPhones and iPads open to denial of service (DoS) attacks simply by connecting to Wi-Fi.

This is because Adi Sharabani and Yair Amit from SkyCure, a mobile device security company, have unveiled the vulnerability iOS 8 during the 2015 RSA Conference. It will enable hackers to crash any iPhone or iPad which connects to a wireless network.

Due to this vulnerability, the hackers will be able to manipulate SSL certificates which are used by almost every single app on Apple’s App Store. The hackers will then send them over Wi-Fi to the victim, causing the iPhone or iPad to crash and reboot.

However, SkyCure has provided only limited technical details becuase it does not want the attackers to know the exact method. The company also affirmed that it is working with Apple to help remove the potential vulnerability in iOS 8.

SkyCure has explained in a blog post that for the DoS to actually happen, a Wi-Fi router would need to be setup with a “specific configuration.” A particularly designed SSL certificate would be required for a hacker to perform the DoS, with a script exploiting this bug that SkyCure says is within iOS 8 and the apps on it:

“With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”

The attackers will not able to access any critical information from your device. The attack’s effects are limited to crashing connected iPhones and iPads.

This type of attacks are likely to be used at events such as protests, concerts, marches and other events where a lot of people will be looking to connect to wireless networks.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...

Digital Forensics Investigation using Autopsy In Kali Linux

Autopsy is one of the digital forensics tools use to investigate what happened on a computer. It offers a GUI access to variety of...