There’s a bug in Apple’s iOS 8 that allows nearby attackers to send apps—and in some cases the iPhone or iPad they run on—into an endless reboot cycle that temporarily renders the devices useless, according to researchers who demonstrated the attack Tuesday.
The exploit uses a standard Wi-Fi network that generates a specially designed secure sockets layer (SSL) certificate to exploit the bug, according to the researchers, who work for Israel-based Skycure. The encrypted communication causes whatever apps happen to be connected to the booby-trapped Wi-Fi network to crash. The vulnerability was introduced in version 8 of the Apple mobile operating system.
After sustained connections to the malicious signal, the OS itself will crash, in some cases in a way that causes the devices it runs on to spiral into a repeatable reboot cycle. Making the attack particularly vexing, even if users know the endless crashes are generated by the Wi-Fi network they’re connected to, they can’t disconnect because the repeated restarts make it impossible to access the device’s user settings, as demonstrated in the following video:
Read 3 remaining paragraphs | Comments

Leave a Reply