While I can certainly agree it would be annoying, a nuisance and productivity-hindering, calling this "catastrophic" is probably overdoing it a tad much.
Catastrophic means by definition that it's related to or involves a catastrophe. iPhone-users not being able to use their iPhones hardly counts as that, no matter where on the planet that happens.
With all that said: Neat hack. Now I feel like reproducing it :)
An example of the sort of thing that gives me doubts. They refer to another supposed demonstrated attack called "Wifigate", which no-one has been talking about, except for themselves. And when you read the details, they claim that iPhones come preloaded with a bunch of WiFi SSIDs that the phone will automatically connect to, mostly telecommunications companies. Up until recently I used to work for one of those listed companies, and I have owned iPhones continuously since the iPhone 3G. I can tell you categorically that iPhones do not automatically connect to SFR wifi hotspots like this company claims. This fact destroys an important part of their claim for this current "attack", that you can be affected even if you've never connected to a Wifi hotspot.
So that's one guaranteed example of exaggeration right there, which seeing as it's the only piece of information in the article that I'm capable of verifying myself, makes me very distrustful of the entire article.
However it's supposed to connect with EAP-SIM. Skycure mentions that "some of [those] bundles include SSID passwords". Do they mean that only those would make devices vulnerable? Could you let us know if SFR uses EAP-SIM or a basic PSK?
It could be that iPhones connect automatically only to EAP-SIM preloaded networks.
My understanding is that AT&T wifi users have to connect just once to attwifi and then going forward it will connect to the SSID whenever it sees it, which is a lot considering it's in every McDonalds and Starbucks and other locales.
Some people say their phone connects to attwifi without once first connecting to it. This article from last year supports that claim:
> Settings for AT&T iPhones, for instance, frequently instruct the devices to automatically connect to a Wi-Fi network called attwifi when the signal becomes available. Carriers make the Wi-Fi signals available in public places as a service to help subscribers get Internet connections that are fast and reliable.
> Sharabani said the settings that cause AT&T iPhones to automatically connect to certain networks can be found in the device's profile.mobileconfig file.
If anything, this shows how unreliable wifi security is. I could see a next-gen wifi that uses SSL cert-like signing to verify identity and stop spoofers. Wifi is still the wild west.
I'm not fully up on exploitable iOS tricks, but it sounds like they're spoofing a BSSID to be one that the iOS device has already connected to (because iOS devices broadcast this when scanning for networks IIRC?), but has RADIUS authentication with a specially crafted server certificate that manages to crash the network stack.
Not anymore, Apple fixed that in recent iOS versions. Probe requests are not divulging SSIDs anymore. However WifiGate uses common SSIDs and network operators preloaded ones as honeypots.
However I did see lots of probe requests WITH an SSID parameter set but those were not coming from my devices :). I assumed they were not up to date.
I am very interested to know if the probe requests you're seeing are also coming from unknown devices: if they aren't, could you provide us with the iOS version you're using/testing with?
So it only crashed the whole device if the device was under 'heavy use', which seems to contradict the claim that it renders devices unusable immediately.
Large utility plant... iOS... large utility plant... iOS...
Did I miss the post where large utility plants said "Why we stopped using closed control systems for our reactors and switched to iPads" ?
How illegal is it to set up a Wi-Fi network with an SSL certificate? Are you responsible for the fact that iOS has a bug in the certificate handling?
If you're crashing/DOSing a remote internet-server by exploiting your knowledge of a bug in the server-software, you may technically just be "sending data", but in court it's the intent which makes it hacking, vs just accidentally crashing something.
I would expect this to be treated similarly, but of course legal IT is a jungle of randomness in itself, so I won't make any guaranteed predictions :)
"The researchers say they have warned Apple of the error, and are refraining from releasing technical details about it until after the company has issued a fix. Apple did not respond to a comment request ahead of publication."
If iOS would actually try to find WiFi networks with WiFi turned off, that would be a much bigger story than some exploitable vulnerability. This whole story smells of sensationalism over facts.
I'm pretty sure wifi needs to be on for location assistance (Google Maps complains about this all the time).
From 4.3 you can have Wifi "off" but still allow location through WiFi.
If this led to a way to grab information from the phone, that would be more damaging than simply a denial of use in a delimited area.
This earlier bug called WiFiGate has a list of pre-populated trusted wifi networks. From the same group https://www.skycure.com/blog/wifigate-how-mobile-carriers-ex...
Edit: according to the article you linked (under the consumers section), iOS has no interface for doing this. I find this pretty appalling.
I 'forgot' the attwifi SSID long ago, and I have never had my phone try to auto-connect to one, even though they are everywhere.
The article ignores this because it weakens the headline.
"We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses."
Edit: (See below comments)
I actually have the equivalent of what you are talking about disabled on my phone (android), as it creates a popup context menu that is too easily pressed 'accessing random open networks'. You want the user to have to open the wifi settings and select a network they know / have preconfigured, not some open network that the phone is eager to join.
tl;dr: iOS will only join known networks – toggling this setting will make it easier to join networks when no known networks are in range.
edit: Link to the relevant section in the manual: https://help.apple.com/iphone/8/#/iph1b489c85f
However according to this post by the same researchers:
There is no way to disable the carrier pre-configured wifi hotspots which have been proven to be easily spoofable.
If a device will "only connect to known networks", that means that it sends out an ARP request. In a nutshell, the phone shouts wirelessly «HEY! IS BILL WI THE SCIENCE FI AROUND?»
You can very easily set up a system that will respond to every single ARP request and then 'broadcast' that SSID.
If you broadcast the SSID, with no password, and the device sees it, then it will connect to this 'known' network.
That's a big problem.
You seem to have confused IP address resolution with wi-fi access point discovery. ARP requests don't happen until after a device is associated with a wi-fi access point.
It is possible to arrange for a device to scan for wi-fi networks passively, so the device will not be detected until it actually discovers and attempts to connect to a particular network.
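Added example, not part of any comment in this thread: the comments above about probe requests carrying an SSID, and about discovery being separate from ARP, come down to which 802.11 frames a device emits before association. This sketch classifies frames from a capture of your own devices as wildcard or directed probe requests; the function names and sample frames are constructed for illustration, and it assumes raw 802.11 frames with no radiotap header or FCS.

```python
def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID) for a probe request, with SSID None for a
    wildcard probe; return None for other frame types or malformed input."""
    if len(frame) < 24:                       # fixed management header size
        return None
    fc = frame[0]
    if fc & 0x03 != 0 or (fc >> 2) & 0x03 != 0 or (fc >> 4) & 0x0F != 4:
        return None                           # not version 0 / management / probe request
    mac = ":".join(f"{b:02x}" for b in frame[10:16])   # Address 2 = transmitter
    body, i = frame[24:], 0
    while i + 2 <= len(body):                 # walk tag/length/value elements
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            return None                       # truncated element
        if tag == 0:                          # SSID element
            if length > 32:
                return None                   # SSIDs are at most 32 bytes
            return mac, (value.decode("utf-8", "replace") if length else None)
        i += 2 + length
    return mac, None                          # no SSID element: treat as wildcard


def disclosed_ssids(frames):
    """Map each transmitter MAC to the set of SSIDs it named in directed probes."""
    leaks = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1] is not None:
            leaks.setdefault(parsed[0], set()).add(parsed[1])
    return leaks


def _frame(fc0: int, src: str, body: bytes) -> bytes:
    """Build a constructed 24-byte 802.11 header plus body (sample data only)."""
    return (bytes([fc0, 0]) + b"\x00\x00" + b"\xff" * 6
            + bytes.fromhex(src.replace(":", "")) + b"\xff" * 6 + b"\x00\x00" + body)


RATES = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])      # supported-rates element
SAMPLE = [                                         # constructed frames, not a real capture
    _frame(0x40, "02:00:00:00:00:01", b"\x00\x00" + RATES),          # wildcard probe
    _frame(0x40, "02:00:00:00:00:02", b"\x00\x07attwifi" + RATES),   # directed probe
    _frame(0x80, "02:00:00:00:00:03", b"\x00\x07attwifi"),           # beacon: ignored
    _frame(0x08, "02:00:00:00:00:01", b"\xaa\xaa\x03\x00\x00\x00\x08\x06"),  # data frame: ignored
]

if __name__ == "__main__":
    print(disclosed_ssids(SAMPLE))
```

Only the second sample frame names a network; the data frame, which is where ARP traffic would travel after association, never counts as discovery.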
At the university I go to, a laptop is essentially a requirement for a lot of classes.
The issue is not the devices, it's how they're used.
Besides, at least in my experience, trying to ban websites, devices, etc in schools doesn't actually work and just leads to kids getting around it, and continuing to do what they were doing before.
The internet censorship in particular got to be pretty absurd at my high school, I remember not being able to register Native Instruments hardware in my engineering class because their site was blocked for 'having a toolbar'...
And yet those of us that wanted free roam on the internet brought smartphones or used ultrasurf etc, but even the teacher couldn't access the registration site without us bypassing the filters while he looked the other way.
Devices are tools. You shouldn't ban tools. You should teach people how to use them effectively.
Plus, it's way faster (and tidier) to take notes in a laptop rather than pen+paper.
Also, I've had a few students with disabilities who could not use pen and paper, but could write with special keyboards. And blind ones. Maybe we should tell them to stay out as well.
My firewall always limited usage by OS. Linux and my desktop had the full fire hose. Everything else 75% and Apple products had 10% and video played at only low quality.
The only way people could get the 75% was to connect with their iPhone to my guest wifi Apple_Evil and type in the password applesucks. Great fun, but this hack, you get to personally own up and see their faces and not break stuff.
What ever happened to promoting OSS by making it better? Forcing people to play juvenile games seems like a great way to turn everyone off on Linux permanently.
For example, a stateful antivirus scanner turns on only for Windows machines. Or with Linux, certain connections and services are made available. Or it can also be used as a layer of defense in security (we know we have 2 windows machines and 3 linux machines, mac addresses bla bla, throw security tripwire).
If I can't mess with them and their friends it is a sad life :)
I am not forcing anyone to do Linux. I just know if I jump on my machines I got top priority and my son's league of legends game isn't going to bother me one bit nor my kids watching Netflix or YouTube videos. Also everyone has a laugh when they realize what is happening because they forgot.
Do you require Apple devices to be deposited in the letterbox, as in Better Call Saul?
How deep does this go? Do you avoid software which might have been compiled with clang, for instance?
I shudder to think what my middle school self would think of me as I type this from my MBP. I use a Mac as my laptop. So what? I run Linux on my desktop and have an Android phone. This all seems unnecessarily petty.
The fastest computers are computers with PowerPC CPUs.
The rest of the tech people were like how can a PowerPC CPU be faster? It is plain 1 and 0 and the more 1 and 0 you get through the faster the processor. It ended up being 4 to 6 times faster. The Apple fanboys were famous for this time of Apple history. Also Apple knew the truth since they were always running an x86 OS X for 5 years and knew the numbers and just were fine spreading "Apple Truths."
Sorry I digressed...
> Also Apple knew the truth since they were always running an x86 OS X for 5 years and knew the numbers and just were fine spreading "Apple Truths."
Consider what would have happened if the Intel switch had happened two years earlier. Take the iBook (then, AFAIK, Apple's best-selling product). They could have gone to Pentium M (the P3-based one), which was at best in the same speed range as the G4s used in Apple laptops, and used somewhat more power, resulting in diminished battery life. Or they could have gone to Pentium 4-M (the P4-based one), which would have been somewhat faster, and used vastly more power, resulting in massively diminished battery life.
Apple also at the time had the not unreasonable expectation that IBM would produce faster PPC970s, and mobile-suitable PPC970s, as was in their roadmap.
The Intel switch happened because it made sense at the time; the Core Duo laptops resulted in better performance vs the G4 and only a modest battery life hit, while the high-end desktop waited for the Core 2 Duo Xeons, which resulted in better performance vs the G5. It would not, however, have made sense much earlier.
Obviously, they had MacOS 10 running on x86; NeXTStep did, after all, and it'd never be wise to close off options. I mean, _Windows_ supported PPC, Alpha and MIPS for a long time.
Except that time when I skipped my Senior year of High School and watched a matinée of Ferris Bueller's Day Off.