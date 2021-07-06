



Over the weekend, iPhone owners around the world were warned about the potentially serious consequences of the ambiguous new iPhone hack. Now, new developments strongly suggest that those fears are about to come true.

New research warns about the broader security implications of the new iPhone WiFi hack

Increased damage

The first development was done through Carl Shou, the reverse engineer who first discovered the hack. Shou discovered that joining a WiFi network whose name contains a specific symbol (SSID) could disable WiFi on the iPhone until the phone’s network settings are reset. Shou has since succeeded in increasing the damage caused by this hack. WiFi is only restored from a custom factory reset that manually edits the iPhone backup file to remove the malicious entry.

Concerns have already been expressed that this hack (known as a flaw in the format string) can be amplified. The final game is to use it to inject malicious code across your device or network and execute it.

Hidden threat

Behind the scenes of this escalating threat was that iPhone owners had to join a strangely named WiFi network in order to be hacked. However, the second development suggests that this may no longer be the case.

Amichai Shulman, CTO of Wireless Security Specialist AirEye, tells me that our research team builds network names in a way that doesn’t expose users to strange characters and makes them look like legitimate existing network names. It was revealed that it was possible.

Is WiFi Hotspot Spoofing a Real Terror for Smartphone and Laptop Users?

Amichai warns that investigations are still underway, but if hackers can spoof popular WiFi hotspots, iPhone owners will say that the hotspots they join will destroy devices and plant software I have a hard time deciding if I can break into my home or work network.

Firewalls, NACs, and secure WLANs do not protect against this type of attack because attack traffic is not part of the corporate network, and most traditional network security solutions are completely unaware of it, Amichai said. I will explain. Attack traffic can be sent over channels that are not used for corporate network traffic. As a result, the attack is not detected by the network security solution and leaves no trace in the forensic and network logs.

According to Amichai, AirEyes tests show that the MacBook may also be vulnerable, but format string flaws can also occur on Android, Windows, and Linux devices. Aerial attacks are a new, unaddressed threat vector. Given their stealth, he concludes that more such attacks should be seen.

Soon, Apple will need to patch this particular flaw in the iPhone, hoping that a priority fix will be released in either iOS 14.7 (currently in beta testing) or a dedicated iOS 14.6.1 security update. I have. At that point, a new potentially high-stakes game of Whac-A-Mole could be developed between hackers and big tech companies.

Joining a WiFi network will never be the same.

