Apple’s iOS devices and indeed its Macs have tended to fare relatively well in the world of security, not finding themselves on the wrong end of too many major incidents. A new security flaw, outed at the RSA security conference in San Francisco, may prove troublesome for users of iPhones and iPads though, mainly because it has the potential to cause those devices to go into a constant boot-loop.
Dubbed ‘No iOS Zone,’ the vulnerability allows attackers to effectively crash an iOS device that is connected to a Wi-Fi network that they control. The hackers would take advantage of a bug that currently resides within iOS 8 that would let them manipulate SSL certificates in a a particular way and then cause a crash. SSL certificates are used by a huge number of apps and websites, meaning the target for the hackers would be huge.
The initial thought here is that if you don’t go connecting to unknown Wi-Fi networks then you are fine, but unfortunately that isn’t the case. With certain carriers hardcoding iOS devices to automatically connect to specific Wi-Fi access points, users may not have complete control over which networks they connect to. If a hacker was to spoof one of these hotspots and users were to inadvertently and automatically connect to them, they would be no course of prevention for the user other than to turn Wi-Fi off completely. That’s far from ideal, we’re sure you agree.
The good news is that the team behind the presentation is working with Apple on a fix and the details of the exploit haven’t been made public for the betterment of everyone. Expect to see said fix arrive in a future update to iOS for iPads and iPhones sooner rather than later. Hopefully it will be long before this problem turns into a real issue not just for Apple, but for its users at large.