iOS 8 vulnerability crashes iPhones and iPads when connected to WiFi

Security researchers have revealed a vulnerability in iOS 8 that leaves iPhones and iPads open to denial of service (DoS) attacks simply by connecting to Wi-Fi.

This is because Adi Sharabani and Yair Amit from SkyCure, a mobile device security company, have unveiled the vulnerability iOS 8 during the 2015 RSA Conference. It will enable hackers to crash any iPhone or iPad which connects to a wireless network.

Due to this vulnerability, the hackers will be able to manipulate SSL certificates which are used by almost every single app on Apple’s App Store. The hackers will then send them over Wi-Fi to the victim, causing the iPhone or iPad to crash and reboot.

However, SkyCure has provided only limited technical details becuase it does not want the attackers to know the exact method. The company also affirmed that it is working with Apple to help remove the potential vulnerability in iOS 8.

SkyCure has explained in a blog post that for the DoS to actually happen, a Wi-Fi router would need to be setup with a “specific configuration.” A particularly designed SSL certificate would be required for a hacker to perform the DoS, with a script exploiting this bug that SkyCure says is within iOS 8 and the apps on it:

“With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”

The attackers will not able to access any critical information from your device. The attack’s effects are limited to crashing connected iPhones and iPads.

This type of attacks are likely to be used at events such as protests, concerts, marches and other events where a lot of people will be looking to connect to wireless networks.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How To Create A Virtual Penetration Testing Lab At Home

In this article, I will demonstrate how to create your own virtual penetration testing lab at home. Creating a pentesting lab is must for...

The Importance of Cyber Security in The Medical Device Industry

Medical devices are a revolutionary aspect of healthcare - they connect doctors and patients, help diagnose and treat diseases. Some - like ECMO machines...

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...