A few weeks ago, security researcher Carl Schou discovered a quirky iPhone bug that allowed users to disable the device's Wi-Fi by connecting to a network with an SSID of "%p%s%s%s%s%n". The likelihood of doing this by mistake is fairly low, and it is fair to say that it was more interesting as a rare modern sighting of an old-fashioned format string bug than as a practical threat.
Now, however, Schou has discovered a related zero-day bug that is more easily triggered and may be considerably harder to recover from.
"You can permanently disable WiFi on iOS devices by hosting a public WiFi named %secretclub%power," Schou tweeted. "Resetting network settings does not guarantee restoring functionality."
It is unclear whether triggering the bug requires the user to join the malicious network or merely requires the iPhone to scan it. If it is the latter, anyone could set up a hotspot with that name in a busy area and break the Wi-Fi of every iPhone that comes within range.
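The reason SSIDs like "%p%s%s%s%s%n" and "%secretclub%power" can do damage is that each contains printf-style conversion directives, and somewhere the SSID is being handed to a formatting routine as the format string rather than as an argument. The following added example (not Apple's code and not Schou's; it is an illustration written for this article) shows the bug pattern and its fix in plain C using a hypothetical logging helper `log_wifi`, plus a small scanner a defender might use to flag SSIDs carrying format directives. The two SSIDs are taken from the article; the helper names and the "joined SSID:" message are assumptions.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper of the kind that produces this bug class:
 * whatever the caller passes as `fmt` is interpreted by vsnprintf.
 * This is illustrative code for the article, not Apple's implementation. */
static void log_wifi(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* BEFORE (vulnerable): the SSID itself becomes the format string.
 * With an SSID such as "%p%s%s%s%s%n", each %s dereferences whatever happens
 * to be in the variadic argument slots and %n writes to memory, which is the
 * kind of crash or corruption the article describes.  Never call this with
 * attacker-controlled input; it is kept only to show the pattern. */
static void log_ssid_vulnerable(char *out, size_t outsz, const char *ssid)
{
    log_wifi(out, outsz, ssid);
}

/* AFTER (fixed): the format is a constant and the SSID is an argument, so
 * "%s" in the SSID is copied literally instead of being interpreted. */
static void log_ssid_safe(char *out, size_t outsz, const char *ssid)
{
    log_wifi(out, outsz, "joined SSID: %s", ssid);
}

/* Returns true if the safe logger reproduces the SSID verbatim. */
static bool safe_log_preserves(const char *ssid)
{
    char buf[128], want[128];
    log_ssid_safe(buf, sizeof buf, ssid);
    snprintf(want, sizeof want, "joined SSID: %s", ssid);
    return strcmp(buf, want) == 0;
}

/* Defensive check / detection rule: count printf conversion directives in an
 * SSID, treating "%%" as a literal percent sign, and flag %n separately
 * because %n is the only directive that writes rather than reads. */
struct fmt_scan {
    int directives;
    bool has_n;
};

static struct fmt_scan scan_ssid_for_format(const char *s)
{
    struct fmt_scan r = {0, false};
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '\0')
            break;
        if (*s == '%')
            continue;                 /* "%%" is an escaped percent sign */
        /* skip flags, width, precision and length modifiers */
        while (*s && strchr("-+ #0123456789.*hlLqjzt", *s))
            s++;
        if (*s == '\0')
            break;
        r.directives++;               /* *s is the conversion character */
        if (*s == 'n')
            r.has_n = true;
    }
    return r;
}

int main(void)
{
    const char *ssids[] = { "%p%s%s%s%s%n", "%secretclub%power", "Home%%Net", "Coffee Shop 5G" };
    for (size_t i = 0; i < sizeof ssids / sizeof ssids[0]; i++) {
        struct fmt_scan r = scan_ssid_for_format(ssids[i]);
        char buf[128];
        log_ssid_safe(buf, sizeof buf, ssids[i]);
        printf("%-20s directives=%d has_n=%s  -> %s\n",
               ssids[i], r.directives, r.has_n ? "yes" : "no", buf);
    }
    (void)log_ssid_vulnerable;        /* deliberately never called */
    return 0;
}
```

The scanner is deliberately conservative: it counts anything printf would treat as a conversion, so an SSID like "%secretclub%power" scores two directives (`%s` and `%p`) even though it looks like ordinary text, which is exactly why that name is dangerous to code that commits the mistake shown in `log_ssid_vulnerable`.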
Schou was initially baffled as to how to fix his device, tweeting that resetting network settings and force-rebooting his iPhone did nothing. Eight hours later his iPhone was working again, but the method he used is likely beyond the capabilities of most owners.
"To restore WiFi functionality, you need to manually edit your iPhone backup and remove the malicious entries from your known_networks.plist," he tweeted.
Schou contacted Apple's device security team and alerted them to the bug.
However, there is some good news: it may not be as bad as it looks, and it may actually be a combination of two bugs. Schou retweeted a thread by @wr3nchsr suggesting that the hard reset and backup-edit recovery is only needed if the phone comes into contact with two malicious SSIDs.
If so, that would make the bug much harder for trolls to exploit in practice. Hopefully Apple will fix it quickly. The previous bug did not appear to affect Android devices at all.