A critical vulnerability of iPhones with iOS 14

Apple's smartphones need no introduction. It is the most widely used phone device in the world with a huge base of supporters. Many people live under the assumption that Apple products are perfect and unbreakable. This makes the situation all the more critical when serious vulnerabilities are discovered, which then immediately compromise millions of devices around the world. In this article, we'll take a look at one such vulnerability, how to defend against it, and how to minimise the damage in case you fall victim to it.

Specifically, this is a programming bug in the core of the iOS operating system. The bug was found in version 14.4.2. The most current version of the operating system is 14.5.1, but users will probably see the bug fixed in iOS 14.7, which the company should release soon. This vulnerability is therefore currently affecting all iPhone owners.

What is the vulnerability and how can an attacker exploit it?

As mentioned above, this is a programming error, specifically a misinterpretation of special characters in Wi-Fi network names. Each programming language has defined symbols and reserved words that may have special meanings. Characters such as /, &, %, @' ', \, $, etc. can quote strings, define variables, refer to device RAM and so on. In this particular case, the use of % symbols in Wi-Fi network names has a negative impact. If it is the percentage symbols that appear in the name of a wireless network, they will be misinterpreted by the iOS kernel, which will then cause the part of the system responsible for connecting to wireless networks to crash. The error then persists even if the device is restarted or if the name of the target network changes.

Simply cutting the user off from connecting to wireless networks may not have such a critical impact, especially if it is a bug that the user is able to fix on his own. We'll discuss how to help yourself in this case later, but first I want to point out another vulnerability related to this bug. Researchers at ZecOps have discovered that the vulnerability can have a much worse impact. If the aforementioned percentages are followed by @ symbols in the Wi-Fi network name, an attacker is able to execute arbitrary code on a connecting iPhone. In this case, the attacker can infect the device, take control of it, obtain sensitive data, and perform other malicious activities. Researchers at ZecOps have dubbed this vulnerability WiFiDemon. This is a vulnerability that requires absolutely no interaction from the iPhone user and is therefore very critical.

Now, you may be thinking that all you need to do is avoid networks with suspicious names and the scenarios described above won't apply to you. This is not entirely true, as attackers are extremely resourceful and can even force you to connect to their fake Wi-Fi network. There are methods and techniques where the attacker's goal is just to connect the victim to his wireless Wi-Fi network. The very popular "Captive Portals" and "Evil Twins" are used to doing this (see the article dealing with this issue). In short, these are mostly unencrypted access points with some enticing name like "Free Starbucks WiFi".  What if the network was called, for example, "Free S%@rbucks Wifi"?

How can iPhone owners effectively defend themselves?

First, it is important to be careful where one connects. Don't trust public Wi-Fi networks, especially the free ones. Creating a fake network takes a matter of minutes and attacks like Captive Portal or Evil Twin are very common. It's a good idea not to have automatic connections to wireless networks set up, as even these can be spoofed by targeted attacks on access points and your device can literally be forced to connect to the spoofed network. Install security updates on all your devices.  The second of the vulnerabilities mentioned has already had a security update released earlier this year, but since iPhones are so massively prevalent, it's safe to assume that a high percentage of users may still be at risk from this flaw.

In case you've already fallen victim to this attack and your iPhone is currently unable to connect to wireless networks, there are ways you can help yourself. You need to reset the network settings of your operating system. If you follow these three steps, you should be able to restore your device's ability to connect to Wi-Fi networks.

  1. Open Settings and select General Settings
  2. Select Reset
  3. Click Reset Network Settings to reboot the device and the network settings will be reset to factory defaults. This step will not affect the data stored on your phone

People aren't perfect and make mistakes. That's why sometimes cases come to light that can inadvertently affect millions. However, this is a prime example of why we should never completely rely on technology and should constantly think about and evaluate the risks of our actions. Even a simple connection to an oddly named wireless network can have a critical impact, such as leaking sensitive data.


Update: Apple has already released a patch for vulnerabilities, and on July 26, 2021, it also released an update that eliminates the exploitation of these vulnerabilities.