‘No iOS Zone’ flaw may crash unpatched iOS devices

A bug exists in iOS 8 that will allow a maliciously configured Wi-Fi hotspot to crash any iOS device that connects to it. The flaw was found by security researchers at Skycure and operates by manipulating SSL certificates. When your iPhone or iPad connects to one of these hotspots, it may suddenly restart, and then continue doing so in a loop as long as it attempts to reconnect to the same hotspot.

If your iPhone is caught in this bug after selecting a Wi-Fi hotspot and keeps restarting, move out of the vicinity of that hotspot to allow your phone to boot properly. Then go to Settings > General > Reset and choose the option to reset network settings. This should clear your saved Wi-Fi hotspots and require you to select them again.

Next, go to Settings > Wi-Fi and be sure the option for asking to join networks is enabled. This will require you to confirm any new Wi-Fi hotspot before your phone uses it. In general, avoid any unknown open Wi-Fi hotspots.

While this issue does affect iOS 8, Skycure claims that the latest iOS 8.3 update might have fixed some of the problems that allow for this bug to happen. Therefore, be sure that you install the update as soon as you can, and keep your phone up to date whenever new iOS releases are available.

3 thoughts on “‘No iOS Zone’ flaw may crash unpatched iOS devices”

  1. lkrupp215

    “A bug exists in iOS 8 that will allow a maliciously configured Wi-Fi hotspot to crash any iOS device that connects to it.”

    My initial response to this is “so what?” What would be the motive to deploy this fake WiFi hot spot? There doesn’t seem to be a financial motive. How do you make money by crashing iPhones if you can’t steal personal data and credit card info? Are you going to attempt to extort someone over this? Who? Starbucks? “Send us money or iPhone users won’t be able to get online when they’re in your stores.” Really? How long would it take to figure out what’s going on and do something about it?

    Maybe some neckbeard loser would try to do this just for fun, I guess. I see this as another one of those interesting security flaws that would interest security researchers, but the chances of it actually being found in the wild are slim at best. Again, what’s the motive to do it?

    1. Topher Kessler Post author

      Pranking is not out of the question. In addition, when you can invoke a crash on a system, there is the possibility of including other malicious activity like executing arbitrary code, or corrupting and damaging the system. This might also be a problem for a company setting up Wi-Fi hotspots, where if such spots could be hacked and be set up with a malicious certificate or whatever else is behind this bug, then this could damage a company’s ability to serve its customers. In this case, the attack would be on the company and not directly on iOS users. There are organizations like universities that have massive Wi-Fi infrastructure to serve many people. In addition, one might set this up on a mobile hotspot (ie, Wi-Fi sharing through a laptop) to affect unsuspecting people at cafes, libraries, and other public areas.

      1. lkrupp215

        So basically we have another one of those flaw issues that will be fixed shortly and never be seen in the wild. Mind you, I’m not saying ignore these things, but when the only words you can throw at them are “maybe”, “theoretically”, “might”, “could”, “in certain circumstances” it gets kinda silly and sounds alarmist.

        Similarly the recent “rootpipe” fix/not fixed kerfuffle sounds very serious until you realize it requires physical access. Physical access means you’re screwed no matter what.

        As a common user I’m just saying I’m not going to hide under my bed after turning my iMac off permanently.
