iOS 8 vulnerability crashes iPhones and iPads when connected to WiFi

Security researchers have revealed a vulnerability in iOS 8 that leaves iPhones and iPads open to denial of service (DoS) attacks simply by connecting to Wi-Fi.

This is because Adi Sharabani and Yair Amit from SkyCure, a mobile device security company, have unveiled the vulnerability iOS 8 during the 2015 RSA Conference. It will enable hackers to crash any iPhone or iPad which connects to a wireless network.

Due to this vulnerability, the hackers will be able to manipulate SSL certificates which are used by almost every single app on Apple’s App Store. The hackers will then send them over Wi-Fi to the victim, causing the iPhone or iPad to crash and reboot.

However, SkyCure has provided only limited technical details becuase it does not want the attackers to know the exact method. The company also affirmed that it is working with Apple to help remove the potential vulnerability in iOS 8.

SkyCure has explained in a blog post that for the DoS to actually happen, a Wi-Fi router would need to be setup with a “specific configuration.” A particularly designed SSL certificate would be required for a hacker to perform the DoS, with a script exploiting this bug that SkyCure says is within iOS 8 and the apps on it:

“With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”

The attackers will not able to access any critical information from your device. The attack’s effects are limited to crashing connected iPhones and iPads.

This type of attacks are likely to be used at events such as protests, concerts, marches and other events where a lot of people will be looking to connect to wireless networks.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...