At the 2015 RSA Conference, security researchers from Skycure showcased a new iOS 8 vulnerability which, if properly exploited, can send iPhones and iPads connected to a malicious hotspot into a reboot loop. The vulnerability affects both the operating system as well as apps which use SSL to communicate.
All that an attacker has to do to exploit the vulnerability is to set up a router in a "specific configuration", and allow anyone to connect (basically make it an open hotspot). The iOS 8 devices that connect will be affected, without the attacker having to have access to them.
Based on the information provided by Skycure, this vulnerability seems to have been discovered by mistake. "One day, during preparation for a demonstration of a network-based attack, we bought a new router. After setting the router in a specific configuration and connecting devices to it, our team witnessed the sudden crash of an iOS app. After a few moments, other people started to notice crashes. Pretty quickly, we realized that only iOS users were suffering from crashes".
Skycure isn't saying exactly what an interested party has to do to exploit this vulnerability, as it is not yet confirmed as fixed by Apple. However, the security firm says that attackers would have to generate a custom SSL certificate and create a script, the latter of which likely has to be loaded on the router.
Skycure notes that this vulnerability is pretty serious, as using SSL is recommended practice, and employed by most iOS apps. Attackers could exploit this vulnerability to instrument a massive DoS (Denial of Service) attack, which can "lead to big losses". Just imagine what might happen if routers inside a major corporation are compromised and used for such an attack.
Apple has been notified, and is likely working to fix this vulnerability. Because it is not yet confirmed as fixed, as I said earlier, Skycure isn't telling us everything about the vulnerability. In case iOS 8 users see apps crashing, they should disconnect from the hotspot they are using (by hitting the Forget This Network button in the hotspot's settings, found in Settings -- Wi-Fi).
If the device is in the reboot loop, disconnecting from the hotspot might not be easy to do. In this case, simply going out of its range might allow users to have easy access to their device's Settings menu. They can also disable Wi-Fi, just to be sure their device won't reconnect.
Installing iOS 8.3 is also a good idea, as Skycure notes that it might have neutralized part of the threat. And, of course, users can (and should) also steer clear of public/free hotspots, which are generally insecure. Personally, I avoid them like the plague.
Photo credit: Bloomua / Shutterstock