Apple has been the subject of attention of security researchers in recent weeks in what seems a hunting season for bugs in the systems of Apple. An example is the case of a former failure that came to be exploited after being declared as corrected.
A new discovery was revealed by Skycure at the World Conference of RSA Security. The bug found does not have the ability to allow the invasion of hackers or data theft, but performs a bizarre effect - leaves the iPhone or iPad in a perpetual reboot loop.
The researchers found that the problem occurs because of an innate vulnerability of SSL certificates on iOS 8, which when combined with an exploration of another weakness in WiFi, may render the device unusable, restarting the device once the system is loaded.
Again, to explore the bug, it is necessary that the victim is in a public WiFi network. Through any application that uses SSL certificates - which means almost all - an attacker can use a dummy certificate that causes it to crash. If, however, feed the operating system itself with the same bad data, then the hardware will have the strange behavior that will make it impossible to use the device. Just set up a Wi-Fi network to behave as one of the reliable setups that iOS automatically tries to connect, for example, any one named "attwifi". So all it takes is for someone to create a nefarious network with this name and ready, the trap is set.
Check out the results:
The Skycure already presented their findings to Apple and of course, no details on how to attack a device exploiting this flaw. No information on how the company intends to fix the problem, but stay tuned to software updates and take the utmost care with public networks recognized as trusted by iOS 8.
A new discovery was revealed by Skycure at the World Conference of RSA Security. The bug found does not have the ability to allow the invasion of hackers or data theft, but performs a bizarre effect - leaves the iPhone or iPad in a perpetual reboot loop.
The researchers found that the problem occurs because of an innate vulnerability of SSL certificates on iOS 8, which when combined with an exploration of another weakness in WiFi, may render the device unusable, restarting the device once the system is loaded.
Again, to explore the bug, it is necessary that the victim is in a public WiFi network. Through any application that uses SSL certificates - which means almost all - an attacker can use a dummy certificate that causes it to crash. If, however, feed the operating system itself with the same bad data, then the hardware will have the strange behavior that will make it impossible to use the device. Just set up a Wi-Fi network to behave as one of the reliable setups that iOS automatically tries to connect, for example, any one named "attwifi". So all it takes is for someone to create a nefarious network with this name and ready, the trap is set.
Check out the results:
The Skycure already presented their findings to Apple and of course, no details on how to attack a device exploiting this flaw. No information on how the company intends to fix the problem, but stay tuned to software updates and take the utmost care with public networks recognized as trusted by iOS 8.