According to Engadget, at San Francisco’s RSA conference, an even more terrifying exploit has been revealed that has the power to send your iPhone or iPad into a perpetual restart loop. Mobile security firm Skycure has discovered that iOS 8 has an innate vulnerability to SSL certificates that, when combined with another WiFi exploit, gives malicious types the ability to create “no iOS zones” that can render your smartphones and tablets unusable. Before you read on, grab a roll of tinfoil and start making a new case for your iPhone. Scroll down to watch the video.
Once the user has entered what its discoverer, security researchers Skycure, dubs the “no iOS Zone”, there’s no way to fix their phone other than escaping the range of the malicious network; every time it reboots, it crashes almost immediately.
The basis of the attack uses a “specially crafted SSL certificate”, typically used to ensure a secure connection, to trigger a bug in the operating system that crashes out any app using SSL.
Broadly speaking, any app that uses SSL certificates – which is almost all of them – can be fed a dummy certificate that causes it to crash. If, however, you can feed that same dodgy data into the operating system itself, then the hardware will be thrown into a perpetual loop of failed restarts. That can be easily achieved if you can set up a WiFi network to behave like one of the trusted setups that iOS automatically tries to connect to. So, as Gizmodo says, all it takes is for someone to build a nefarious network, name it “attwifi” and they’ve got a honeytrap.