All Apple news

Vulnerability in iOS 9.3 allows you to remotely turn in “brick” any iPhone and iPad

Two months ago in iOS found a dangerous flaw that is associated with a transposition date. If the devices to transfer on 1 January 1970, after the reboot, the iPhone goes in cyclic reboot. Apple fixed the vulnerability in iOS software release 9.3.1. Devices that haven’t upgraded to new OS version, vulnerable to attacks based on this security flaws.

The reception, which was described by experts Patrick Kelly and Matt Harrigan, allows you to automate the process of transforming the iPhone into a “brick”. The trick with mass lesions surrounding gadgets based on the fact that they constantly check the NTP server for time synchronization. Experts conducted an experiment and almost without effort managed to bring down the iOS devices on older versions of the operating system.

It is known that iPhone and iPad will automatically connect to familiar Wi-Fi. In fact, there are quite a few hotspots with guessable names. For example, knowing the name of the point in a cafe or fast food restaurant, you can direct attack for its visitors. But to harm a particular victim, it helps to know the name of her home hotspot.

All that is required is to install a fake access point with the specified identifier and intercept the traffic to time.apple.com use the program dnsmasq. As a result, all vulnerable iOS devices will be damaged. The user initiates a reboot, and after that the plates start to rise. The authors registered the iPad in the heating experiment up to 54°C. the Process takes 15-20 minutes.

The vulnerability exploitation is possible on all 64-bit devices running iOS 9.3 and under. Experts note that unlike iPad, smartphones Apple get a date via GSM, so you have to emulate a GSM network using OpenBTS utilities.

Kelly and Harrigan strongly recommended all iPhone and iPad owners can update the device to iOS 9.3.1.

Leave a Reply

Your email address will not be published. Required fields are marked *