It can’t have escaped your attention that security experts have declared open season on Apple products over the last few weeks. At San Francisco’s RSA conference, an even more terrifying exploit has been revealed that has the power to send your iPhone or iPad into a perpetual restart loop.
Mobile security firm Skycure has discovered that iOS 8 has an innate vulnerability to SSL certificates that, when combined with another WiFi exploit, gives malicious types the ability to create no iOS zones that can render your smartphones and tablets unusable. Before you read on, grab a roll of tinfoil and start making a new case for your iPhone.
Broadly speaking, any app that uses SSL certificates – which is almost all of them – can be fed a dummy certificate that causes it to crash. If, however, you can feed that same dodgy data into the operating system itself, then the hardware will be thrown into a perpetual loop of failed restarts. That can be easily achieved if you can set up a WiFi network to behave like one of the trusted setups that iOS automatically tries to connect to. So, as Gizmodo says, all it takes is for someone to build a nefarious network, name it attwifi and they’ve got a honeytrap.
Skycure has already reported its findings to Apple and won’t give away any more details should it give hackers free reign to brick thousands of devices. Until the problem is fixed, users are advised not to trust free WiFi networks, keep iOS updated and, should they wander into a no iOS zone, get out, quickly.