Bug in iOS can break iPhone Wi-Fi using rogue hotspot name
A bug has been discovered in iOS that can disable an iPhone's ability to connect to Wi-Fi hotspots, if it attempts to initially connect to a hotspot with a specific name that breaks the function.
Security researcher Carl Schou gave a personal Wi-Fi hotspot a name of "%p%s%s%s%s%n." On trying to connect to the hotspot, Schou discovered the iPhone simply couldn't connect to it at all, and later discovered that it disabled Wi-Fi connectivity completely on the device.
Attempts to connect to other hotspots failed, with the issue continuing to mainifest after changing the hotspot's SSID and rebooting the iPhone, according to BleepingComputer. The issue was also confirmed by others testing out the same SSID name separately.
Tests also point to it being a problem just with iPhones, as Android devices appear to connect to the unusually-named access point without issue.
Other researchers examining the phenomena believe it is an issue with input parsing, in that the percentage sign at the start may be misinterpreted by iOS as a string-format specifier, in that characters following may be a variable or a command rather than plain text.
To fix the problem on affected iPhones, users have to reset their iOS network settings.
Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.AppleInsider is also bringing you the best Apple-related deals for Amazon Prime Day 2021. There are bargains before, during, and even after Prime Day on June 21 and 22 -- with every deal at your fingertips throughout the event.
Security researcher Carl Schou gave a personal Wi-Fi hotspot a name of "%p%s%s%s%s%n." On trying to connect to the hotspot, Schou discovered the iPhone simply couldn't connect to it at all, and later discovered that it disabled Wi-Fi connectivity completely on the device.
Attempts to connect to other hotspots failed, with the issue continuing to mainifest after changing the hotspot's SSID and rebooting the iPhone, according to BleepingComputer. The issue was also confirmed by others testing out the same SSID name separately.
After joining my personal WiFi with the SSID "%p%s%s%s%s%n", my iPhone permanently disabled it's WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3
-- Carl Schou (@vm_call)
Tests also point to it being a problem just with iPhones, as Android devices appear to connect to the unusually-named access point without issue.
Other researchers examining the phenomena believe it is an issue with input parsing, in that the percentage sign at the start may be misinterpreted by iOS as a string-format specifier, in that characters following may be a variable or a command rather than plain text.
To fix the problem on affected iPhones, users have to reset their iOS network settings.
How to reset network settings in iOS
- Open Settings
- Select General then Reset
- Select Reset Network Settings
- Confirm the request.
- Once the iPhone has restarted, set up your Wi-Fi as normal.
Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.AppleInsider is also bringing you the best Apple-related deals for Amazon Prime Day 2021. There are bargains before, during, and even after Prime Day on June 21 and 22 -- with every deal at your fingertips throughout the event.
Comments
What i'm wondering is whether the WiFi name showed up under the list of WiFi available to join or did he have to manually enter that WiFi name under "join other network"? If I set up a WiFi network named "%FreeWiFi", would it disable the iPhone WiFi of unsuspecting iPhone users that tried to join because they were tempted by the name to select it from the list of available WiFi networks in the area?
The bug shuts down a key part of the iOS software stack but, believe it or not, that’s not the serious part.
For this particular bug, it's only affecting the process that writes to a log file. But Elijahg and Rayz2016 are correct: it's yet another instance of Apple software not checking the data inputs properly, and that is HUGELY serious. A few months ago there was another bug of similar type in macOS; GateKeeper failed to check for the presence of certain files within an app bundle and thus allowed a shell script file to run SILENTLY - no check for notarisation, no scan for malicious code, NOTHING. This (long) article has more details: https://www.objective-see.com/blog/blog_0x64.html
Frankly, for a company as committed to security as Apple is, it's not good enough. This is a systemic, recurring pattern of behaviour. The toolchain needs to be updated to routinely check for this sort of thing, and every programmer in the company needs to undergo mandatory secure coding training. Delay the annual OS cycle - the stuff announced at WWDC this year isn't all going to be ready for release at the official ship date, so take advantage of that to make these changes. Delay stuff until next year's release if you have to - people have been clamouring for more stable software anyway.
JUST.GET.IT.FIXED.