An unusual bug was found in Apple nearly two months ago, if the user changed the date to January 1st, 1970, his/her device would get temporarily bricked and later Apple resolved the bug. Now your device still remains vulnerable if you don’t have the latest firmware.

Evil WiFi Networks Could Remotely Brick Any iOS Device

Apple released a fix to prevent people from intentionally bricking their iPhones, however this is different issue, according to Krebs on Security.

Security Researchers, Patrick Kelly and Matt Harrigan said that flaw in the way that Apple devices frequently check Network Time Protocol servers leaves a maliciously configured WiFi Network able to brick a device.

Apple products like iPads are designed to automatically connect to wireless networks they have connected before. They go for it with a comparably weak level of authentication.

“If you connect to a network named “Hotspot” once, going forward your device may automatically connect to any open network that also happens to be called “Hotspot.”

“For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.

From an attacker’s perspective, this is a golden opportunity. Why? He only needs to advertise a fake open network called “attwifi” at a spot where large numbers of computer users are known to congregate. Using specialized hardware to amplify his Wi-Fi signal, he can force many users to connect to his (evil) “attwifi” hotspot. From there, he can attempt to inspect, modify or redirect any network traffic for any iPads or other devices that unwittingly connect to his evil network.”

Once the device gets connected to the malicious network, the device is then configured to draw its NTP updates from a compromised server, which sets the time and date as January 1, 1970, you might be aware that what happens next after setting the said date in iOS devices.

“The iPads that were brought within range of the test (evil) network rebooted, and began to slowly self-destruct. It’s not clear why they do this, but here’s one possible explanation: Most applications on an iPad are configured to use security certificates that encrypt data transmitted to and from the user’s device. Those encryption certificates stop working correctly if the system time and date on the user’s mobile is set to a year that predates the certificate’s issuance.”

Fortunately we can get rid of this problem by simply updating the iOS build to version 9.3.1 or newer. Your device will remain at risk of getting remotely bricked if you don’t do it.

LEAVE A REPLY

Please enter your comment!
Please enter your name here