iPhone warning: This network name can disable Wi-Fi on your phone

(Image credit: Malte Helmhold via Unsplash)

A couple of weeks ago, security researcher Carl Schou found a quirky iPhone bug where the device’s Wi-Fi could be disabled by connecting to a network with the SSID of “%p%s%s%s%s%n”. It’s safe to say that the chances of doing this by mistake were pretty low, and it was more interesting as a rare modern sighting of the age-old format-string bug.

But now Schou has discovered a related zero day bug that may both be easier to fall victim to, and harder to fix if you do. 

“You can permanently disable any iOS device's WiFI by hosting a public WiFi named %secretclub%power,” Schou tweeted. “Resetting network settings is not guaranteed to restore functionality.”

It’s not clear if the bug requires you to connect to said mischievous network, or simply for the iPhone to scan it. If it’s the latter, that means that anybody could set up a hotspot with the iPhone-breaking name in a busy place, and enjoy the carnage.

Schou was initially nonplussed as to how to fix his device, tweeting that resetting the network and force-restarting the iPhone did nothing. Eight hours later, his iPhone was working again, but using a method that’s likely beyond the abilities of the majority of owners. 

“To restore WiFi functionality, you have to manually edit an iPhone backup and remove malicious entries from the known networks .plist,” he tweeted.

Schou reached out to Apple’s device security team to alert them of the bug, and you would imagine a fix will be issued pretty urgently — hopefully before the loophole is exploited maliciously.

There is some good news, however. It’s possible that this is not quite as bad as it seems, and could actually be the culmination of two bugs combining. Schou retweeted a thread by @wr3nchsr, which suggested that the hard reset/backup edit option may only be required if the phone comes into contact with two malicious SSIDs. 

If that’s the case, then trolls would have a far harder time using this exploit maliciously, as it’s the kind of thing that you’re only likely to run into if you’re a security researcher actively looking for trouble. All the same, we would expect Apple to fix this pretty quickly, as the previous bug doesn’t seem to impact Android devices at all. 

TOPICS
Alan Martin

Freelance contributor Alan has been writing about tech for over a decade, covering phones, drones and everything in between. Previously Deputy Editor of tech site Alphr, his words are found all over the web and in the occasional magazine too. When not weighing up the pros and cons of the latest smartwatch, you'll probably find him tackling his ever-growing games backlog. Or, more likely, playing Spelunky for the millionth time.