Novelty iPhone Wi-Fi hack turns into a more dangerous malicious attack
Amichai Shulman, CTO of AirEye Wireless Security Specialist, stated that “Our research team was able to construct the network name in a way that does not expose the user to the weird characters, making it look like a legitimate, existing network name.” This is a big deal because without the flashing red light from a network called% p% s% s% s% s% n% n% s% s% n% n% s% n% n% s% s% n% s% s% s% n% s% s% s% s% s% s% s a malicious Wi-Fi network.
After I joined my personal WiFi with the SSID “% p% s% s% s% s% s% n”, my iPhone permanently disabled the WiFi functionality. Neither restarting nor changing the SSID solves it: ~) pic.twitter.com/2eue90JFu3
– Carl Schou (@vm_call) June 18, 2021
Shulman says, “Since attack traffic is not part of the corporate network, firewalls, NACs and secure WLANs do not protect against this type of attack, and most traditional network security solutions remain completely unaware of this. Attack traffic can be transmitted over unused channels Consequently, the attack is undetected by network security solutions and leaves no trace in forensics and network logs. “
Will Apple push out an update in the upcoming iOS 14.7 build that is currently in beta testing?
Amichai adds that Apple’s MacBooks can also be vulnerable, and format string errors can also be created for devices running Android, Windows and Linux. “Airborne attacks are new and a currently unaddressed threat vector. Given their hidden nature, we have to see more such attacks,” said the technical chief.
All Apple iPhone models running iOS 14 are considered to be at risk.