Saturday, April 25, 2015

Security Flaws In iOS 8 Hack WiFi Connected iOS Device

Attackers can use security flaw in iOS 8 to hack WiFi connected iPhone, iPad, or iPod touch and make it unusable. Prevoius security flaw was with iOS 7 last year too. This vulnerability was discovered by security researchers at the RSA security conference in San Francisco.

Due to fact that Apple’s iOS devices and Macs have tended to fare relatively well in the world of security, this new security flaw may prove troublesome for iPhones and iPads users though, mainly because it has the potential to cause those devices to go into a constant boot-loop.

Under the label ‘No iOS Zone,’ the iOS 8 SSL security flaw lets attackers effectively crash any iOS device that is connected to a Wi-Fi network that they control.

Using this iOS 8 bug the hackers will be able to manipulate SSL certificates in a particular way and then make a crash. The target for the hackers would be tremendous, as SSL certificates are used by a huge number of apps and websites.

The SSL certificate parsing vulnerability impact is that it actually affects the underlying iOS operating system. With heavy use of devices exposed to the vulnerability, the operating system crashes as well. It makes that devices into a repeatable reboot cycle. What is worse, iOS 8 SSL issue makes the victim’s device unusable for as long as the attack impacts a device.

Even in case hacked device owners understand that the attack goes from Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state. You can watch how it goes on the video.

The good news is that the group, that presented how iOS 8 hack WiFi connected iOS devices via vulnerability, is working with Apple on a fix. Hopefully fix will arrive in a future update to iOS for iPads and iPhones.


Post a Comment