Engadget Japanese edition
Malicious SSID that breaks iPhone Wi-Fi: has a trick been found that could spread the damage?
In June 2021, a bug was reported in which connecting an iPhone to a Wi-Fi network with a specific SSID (network name) completely disabled the device's Wi-Fi functionality. A malicious technique that could widen the damage is said to have been discovered since.
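The report began when security researcher Carl Schou tweeted it together with a verification video. Connecting an iPhone to a Wi-Fi hotspot named "%p%s%s%s%n" disables all Wi-Fi functionality, and the symptom persists whether the device is rebooted or the SSID is changed. It can be resolved by restoring the factory defaults through "General" > "Reset" > "Reset Network Settings" in the Settings app, although that means redoing not only the Wi-Fi settings but also the cellular network and other settings.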
However, according to Forbes, Schou has since discovered a trick that makes the damage more serious. In that case, Wi-Fi functionality is reported to recover only by manually editing the iPhone's backup file to delete the entry causing the problem and then performing a custom factory reset.
It is presumed that these bugs arise because a character string containing the "%" symbol in the SSID is interpreted as a variable name or command rather than as text, and is inadvertently passed to some internal library, causing a memory corruption bug. Conversely, one could say there was no danger as long as the device did not connect to a strange Wi-Fi network whose name contains "%", so the damage would not spread much (the SSID was also reported).
However, Amichai Shulman, CTO of the wireless LAN security company AirEye, said: "Our research team was able to configure a network name in a way that does not show strange characters to users and looks like an existing network name." In other words, a malicious attack SSID can appear as a hotspot with a common name.
He adds a warning: "The attack traffic is not part of the corporate network, so firewalls, NAC and secure WLAN cannot protect against this kind of attack, and most conventional network security solutions cannot detect it at all." In addition, MacBooks may also be vulnerable, and Android, Windows and Linux may be open to attack.
Apple has not issued an official statement on this issue, but there were reports that it had been fixed in the latest iOS 14.7 beta. Even after the official version of iOS 14.7 with the fix has been distributed, it seems better to be suspicious of any Wi-Fi network that you have not safely connected to before.
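The presumed mechanism described above (an SSID containing "%" being treated as a format rather than as text) can be shown with an added C example, which is not from the article, Forbes or Apple's code: it flags SSID bytes that printf-style code would parse as a conversion, and logs the SSID through a constant format so the bytes are only ever data. The function names, the log message and the sample SSIDs other than "%p%s%s%s%n" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define SSID_MAX 32  /* 802.11 SSIDs are at most 32 bytes and not NUL-terminated */

/* Returns 1 if the SSID bytes contain a '%' that printf-style code would
 * treat as the start of a conversion (anything other than a literal "%%"). */
int ssid_has_format_directive(const unsigned char *ssid, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] != '%')
            continue;
        if (i + 1 < len && ssid[i + 1] == '%') {
            i++;                /* "%%" is an escaped percent sign */
            continue;
        }
        return 1;               /* "%p", "%n", a trailing '%', ... */
    }
    return 0;
}

/* Hardened logging: the format is a constant and the SSID is an argument.
 * The vulnerable pattern would be snprintf(out, outsz, (const char *)ssid). */
int log_ssid(char *out, size_t outsz, const unsigned char *ssid, size_t len)
{
    if (len > SSID_MAX)
        len = SSID_MAX;
    return snprintf(out, outsz, "joining network \"%.*s\"", (int)len,
                    (const char *)ssid);
}

int main(void)
{
    /* Constructed samples; the first is the SSID quoted in the article. */
    const char *samples[] = { "%p%s%s%s%n", "CoffeeShop", "100%% Free" };
    char line[96];
    for (size_t i = 0; i < 3; i++) {
        const unsigned char *s = (const unsigned char *)samples[i];
        size_t n = strlen(samples[i]);
        log_ssid(line, sizeof line, s, n);
        printf("%-34s directive=%d\n", line, ssid_has_format_directive(s, n));
    }
    return 0;
}
```

Because the check runs on the raw SSID bytes, it does not depend on how the name is rendered to the user.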
Source: Forbes
VIA: Phonearena