New malformed Wi-Fi name bug can require iPhone factory reset to fix
A bug in the way iOS handles Wi-Fi network names is apparently worse than first thought: one malformed SSID has been found to disable Wi-Fi on an iPhone completely, with a factory reset reportedly needed to recover.
In June, security researcher Carl Schou discovered that a personal Wi-Fi hotspot named "%p%s%s%s%s%n" causes problems for iOS devices. iPhones could not connect to the hotspot at all, and in some cases Wi-Fi connectivity was disabled entirely.
While that issue could be fixed by resetting the network settings within iOS, Schou has since found a variant along the same lines that can do more lasting harm to an unsuspecting iPhone. According to Schou in a tweet on Sunday, an SSID of "%secretclub%power" can disable an iOS device's Wi-Fi, with no guarantee that a network settings reset will restore connectivity.
You can permanently disable any iOS device's WiFi by hosting a public WiFi named %secretclub%power
Resetting network settings is not guaranteed to restore functionality. #infosec #0day
-- Carl Schou (@vm_call)
Schou says the iPhone he tested still had no Wi-Fi after repeated network settings resets and a forced restart. He has also contacted Apple's device security team about the matter, but has yet to hear back.
The original bug was believed to be an input parsing issue: the percent sign in the SSID is interpreted by iOS as the start of a format specifier, so the characters that follow it are treated as a conversion that consumes (or, in the case of "%n", writes to) an argument instead of being printed as plain text.
While the new SSID jokingly promotes Secret Club, a technology exploration group Schou is involved with, the percent signs followed by the letters s and p (the "%s" and "%p" conversions) are most likely what triggers the bug. Analysis of the issue confirms that a format string bug is behind it, though it does not appear to be a highly exploitable vulnerability for a bad actor.
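To make the mechanism concrete, here is a small C example, added to this page and not taken from Apple's code or from the researcher, of what a printf-style parser does when an attacker-controlled string reaches it as the format argument rather than as data. It walks the two SSIDs from the article, plus a constructed innocent-looking one, counting the conversions that would read an unsupplied argument or write memory, and shows the two fixes: escaping every percent sign, and (the correct fix) passing the SSID through a constant "%s" format. The SSID strings, the `log_line` helper and the buffer sizes are assumptions for the demo; only common single-letter conversions are modelled.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Apple's or the researcher's code. Models how a C
 * format-string parser treats an SSID passed as the format. Flags, width,
 * precision and length modifiers are skipped; this is a triage aid, not a
 * complete printf grammar. */

struct fmt_report {
    int reads;            /* %s, %p, %d, %x ...: read an argument nobody passed */
    int writes;           /* %n: writes an int through a pointer argument */
    int literal_percent;  /* "%%": harmless, prints one '%' */
};

/* Walk 's' as if it were a printf format. Returns the number of conversions
 * that would consume a variadic argument the caller never supplied. */
static int scan_as_format(const char *s, struct fmt_report *r)
{
    memset(r, 0, sizeof *r);
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%') { r->literal_percent++; continue; }
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))   /* flags/width/length */
            p++;
        if (!*p)                      /* dangling '%' at end of string */
            break;
        if (*p == 'n')
            r->writes++;
        else if (strchr("diouxXeEfFgGaAcsp", *p))
            r->reads++;
        /* anything else is not a conversion; printf behaviour is then undefined */
    }
    return r->reads + r->writes;
}

static int count_conversions(const char *s) { struct fmt_report r; return scan_as_format(s, &r); }
static int count_writes(const char *s)      { struct fmt_report r; scan_as_format(s, &r); return r.writes; }

/* Fix 1: neutralise every '%' so the string can never act as a format. */
static size_t escape_percent(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (n + need >= outsz)
            break;                    /* truncate rather than overflow */
        if (*in == '%')
            out[n++] = '%';
        out[n++] = *in;
    }
    out[n] = '\0';
    return n;
}

/* A logging helper of the kind where these bugs live (hypothetical): 'fmt'
 * goes straight into vsnprintf, so whoever controls 'fmt' controls the parser. */
static int log_line(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: attacker-controlled text *is* the format. Calling this
 * with a raw SSID containing '%' is undefined behaviour; the demo only routes
 * escaped text through it. */
static int log_ssid_vulnerable(char *out, size_t outsz, const char *ssid)
{
    return log_line(out, outsz, ssid);
}

/* Fix 2 (the right one): the SSID is data, the format is a constant. */
static int log_ssid_fixed(char *out, size_t outsz, const char *ssid)
{
    return log_line(out, outsz, "joined SSID: %s", ssid);
}

/* 1 if escaping the SSID and pushing it through the vulnerable path
 * reproduces the original text unchanged. */
static int escaped_roundtrips(const char *ssid)
{
    char esc[128], out[128];
    escape_percent(ssid, esc, sizeof esc);
    log_ssid_vulnerable(out, sizeof out, esc);
    return strcmp(out, ssid) == 0;
}

static const char *fixed_log(const char *ssid)
{
    static char out[128];
    log_ssid_fixed(out, sizeof out, ssid);
    return out;
}

int main(void)
{
    /* The two SSIDs from the article plus a constructed innocent-looking one. */
    const char *ssids[] = { "%p%s%s%s%s%n", "%secretclub%power", "Cafe 100% free" };
    for (size_t i = 0; i < sizeof ssids / sizeof ssids[0]; i++) {
        struct fmt_report r;
        int n = scan_as_format(ssids[i], &r);
        printf("%-20s conversions=%d reads=%d writes=%d literal%%=%d roundtrip=%d\n",
               ssids[i], n, r.reads, r.writes, r.literal_percent, escaped_roundtrips(ssids[i]));
        printf("  fixed: %s\n", fixed_log(ssids[i]));
    }
    return 0;
}
```

The "Cafe 100% free" case is the practitioner's point: a space is a valid printf flag and "f" a valid conversion, so a perfectly ordinary network name also parses as a conversion. That is why escaping percent signs is a stopgap at best; the durable fix is never to let untrusted text occupy the format argument.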
It is highly likely that many other strings built in this manner could cause problems within iOS until Apple patches the bug. Apple is currently beta-testing iOS 14.7 and iOS 15, but it is unclear whether either release will include a fix.
For the moment, AppleInsider recommends users don't connect to unfamiliar Wi-Fi access points, especially if they include unusual symbols.
Comments
Even a factory reset has not solved the issue.
PW has also been changed.
Databases usually have “illegal” characters stripped, and it has, in my past experience, been extremely irritating to see which characters certain databases dislike (inconsistently), because of how it limits the human usage of said databases. There are still systems on the internet that refuse to accept modern password strength requirements (government and corporate), forcing a maximum of 8 characters for password and/or user ID. What outdated software are they running??
We generally find protection against storing illegal characters, such as in file & volume name dialogs. That same process isn’t used to limit WiFi IDs? Is there not a formalized definition for a WiFi ID’s allowable characters?
Why, in modern computing, is it still possible to break things via “unexpected” characters?
2) I don't feel like Apple gives enough attention to their WiFi settings. Since the iPhone debuted it has bugged me that once I select the type of security (e.g.: WPA2) it doesn't jump back to the previous page or have a Next button, but instead makes you manually choose Back. I can't tell you how many time I tap and then wait for something to happen only to remember I have to do it. This isn't a dealbreaker, but it's just lazy and a lack of consistency when everything else works a certain way.
On macOS I waited years for them to hide all the possible SSIDs that I've never connected to. A couple years ago they finally did that, so maybe there is hope for the other. I think they did add WPA3 support at some point. Hopefully they'll do a housecleaning of WiFi in the coming months.
Unfortunately this problem is specific to many WiFi product manufacturers (not giving Apple an out here - shame on Apple, we expect better). I had an IR emitter device, used for home stereo automation, that had an iOS app to control it. When you first set it up, you connected to its WiFi, and configured your home WiFi. It would never connect to my home WiFi. I worked with the hardware/software developer, and they were not parsing the pre-shared key correctly on the hardware device (ran Linux, on a SoC). The ";" in my password was fouling it up. They fixed it after my troubleshooting with them. The product was called RedEye, made by Thinkflood.
And there are many other WiFi hardware products that do not allow "approved" special, printable ASCII characters. They don't want to bother with parsing them correctly. You'll find this in some Router/WiFi documentation.
- The general flattening of any kind of skill-based hierarchy, i.e., no discernible path that entry level people ascend through the ranks.
- The primary focus on productivity over correctness, efficiency, and consequences, in languages, tools, and breadth of testing.
- Unbounded growth in software size, complexity, and rate of change.
One possible antidote for some of these issues is to keep some developers around who are especially proficient and knowledgeable in the parts of the architecture that require exacting attention to detail, those that interact with low level system/kernel services using unforgiving languages like C/C++/Objective-C, to build libraries for developers working in higher level “productivity” languages like Swift and C# to consume - and to have some architects around who know how all the pieces at all levels need to work together.
It’s a people related problem, not a technology related problem.