'1970' date bug could be used to wreck pre-iOS 9.3.1 devices over Wi-Fi, researchers say
Though the issue was nominally fixed with iOS 9.3, the "1970" date bug can theoretically be used to intentionally brick any pre-iOS 9.3.1 device, according to a pair of security researchers.
If an iOS device is set to connect to a trusted Wi-Fi network automatically -- such as a cable company's free hotspot -- a hacker mimicking that network's name can trick a device into setting the wrong time, said Patrick Kelley and Matt Harrigan, cited by Krebs on Security. This is possible because iOS regularly tries to connect to an NTP (network time protocol) server to keep time in sync.
In some cases all that's needed is to spoof time.apple.com, and run some custom software on a device as simple as a $35 Raspberry Pi. iPhones may be more difficult to deceive, since they typically update time through GSM, but a GSM antenna could be used.
Forcing a vulnerable device's time back to January 1, 1970 can cause it to "brick" after a reboot. iPads tested by Kelley and Harrigan wouldn't unlock, and would eventually overheat and fail to boot at all.
Apple reportedly confirmed the vulnerability, and coordinated the release of Kelley and Harrigan's findings so a fix would already be available. In its own testing, however, Apple said that iOS 9.3 definitely solved the bug, and that it was unable to force a provided iPad Air to get any hotter than 45.8 degrees Celsius. The company added that it was able to restore the iPad to iOS 9.3 or 9.3.1 using iTunes, even though Kelley and Harrigan's test units stopped working with the software.
If an iOS device is set to connect to a trusted Wi-Fi network automatically -- such as a cable company's free hotspot -- a hacker mimicking that network's name can trick a device into setting the wrong time, said Patrick Kelley and Matt Harrigan, cited by Krebs on Security. This is possible because iOS regularly tries to connect to an NTP (network time protocol) server to keep time in sync.
In some cases all that's needed is to spoof time.apple.com, and run some custom software on a device as simple as a $35 Raspberry Pi. iPhones may be more difficult to deceive, since they typically update time through GSM, but a GSM antenna could be used.
Forcing a vulnerable device's time back to January 1, 1970 can cause it to "brick" after a reboot. iPads tested by Kelley and Harrigan wouldn't unlock, and would eventually overheat and fail to boot at all.
Apple reportedly confirmed the vulnerability, and coordinated the release of Kelley and Harrigan's findings so a fix would already be available. In its own testing, however, Apple said that iOS 9.3 definitely solved the bug, and that it was unable to force a provided iPad Air to get any hotter than 45.8 degrees Celsius. The company added that it was able to restore the iPad to iOS 9.3 or 9.3.1 using iTunes, even though Kelley and Harrigan's test units stopped working with the software.
Comments
This story has legs for maybe two days. Then it disappears along with all other so-called serious flaws. Let me know if this actually happens.
iPhone goes deep into the B.C. era and forward past 5,000 A.D.
Like why?
The iOS 9.3.1 update ONLY had changes to swcd, SharedWebCredentials.framework, symptomsd (all for the links bug), and mobileactivationd (for the iCloud activation bug present on iOS devices released in 2013 or earlier). It had no other changes.
The video shown was originally filmed on February 24th, as you can see by the date in the one console. This is before the release of iOS 9.3, so the iPad was running iOS 9.2.1.
The reason why the researchers said "upgrade to iOS 9.3.1" was because it was the latest version available when they decided to post the video on Tuesday and it is bad form to recommend they update to 9.3 when 9.3 still had the nasty links bug from iOS 9.0.