NO iOS Zone Vulnerability
One day, during preparation for a demonstration of a network-based attack, we bought a new router. After setting the router in a specific configuration and connecting devices to it, our team witnessed the sudden crash of an iOS app.
How does it work?
Researches were able to craft SSL certificate in order to crash the device, and then exploiting NO iOS Zone over a network.
Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. With our finding, we rushed to create a script that exploits the bug over a network interface.
An even more interesting impact of the SSL certificate parsing vulnerability is that it actually affects the underlying iOS operating system. With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless.
How can I prevent and avoid this vulnerability?
- Users should disconnect from the bad Wi-Fi network or change their location in case they experience continuous crashing or rebooting.
- The latest iOS 8.3 update might have fixed a few of the mentioned threats–users are highly advised to upgrade to the latest version.
- In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.
iOS SSL Certificate Parsing Bug Uncovered by Skycure: One App Crash
iOS SSL Cert. Parsing Bug Uncovered by Skycure: Crashes Most Apps
iOS SSL Cert. Parsing Bug Uncovered by Skycure: Endless Reboot Cycle
Original blog post. Thanks Skycure for finding and reporting it.
