Researcher Highlights % Symbol-Related Bug That Disables iPhone Wi-Fi
According to a security researcher, it looks like the innocent % symbol is capable of disabling Wi-Fi on iPhones and other iOS devices.
As spotted by The Verge, Secret Club’s Carl Schou took to Twitter recently to tweet, “You can permanently disable any iOS device's Wi-FI by hosting a public Wi-Fi named %secretclub%power. Resetting network settings is not guaranteed to restore functionality.”
Two weeks earlier, Schou had tweeted that joining his personal Wi-Fi network, which used the SSID “%p%s%s%s%s%n”, permanently disabled his iPhone’s Wi-Fi functionality, with neither rebooting nor changing the SSID offering a fix.
For the latest incident, Schou said that “you have to manually edit an iPhone backup and remove malicious entries from the known networks .plist” to fix the issue.
On June 20, the CodeColorist blog noted that the issue highlighted by Schou appeared to be a format string bug. More recently, 9to5Mac explained, “The ‘%[character]’ syntax is commonly used in programming languages to format variables into an output string. In C, the ‘%n’ specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.
“Obviously, this is such an obscure chain of events that it is highly unlikely that any person accidentally falls into this, unless a load of Wi-Fi pranksters suddenly pop up in the wild with open Wi-Fi networks using the poisoned name. Until Apple fixes this edge case in a future OS update, just keep an eye out for any Wi-Fi networks with percent symbols in their name.”
9to5Mac added that the bug does not seem to cause permanent damage and that resetting all network settings to fix the issue should be possible.
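The format string bug class that 9to5Mac describes, as an added C example (not Apple's code and not taken from the reports above): an SSID used as the format string beside the hardened form that passes it only as data. The function names, the log text and the `DEMO_VULNERABLE` guard are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32  /* 802.11 SSIDs are at most 32 bytes */

/* Constructed sample input: the two SSIDs quoted in the article. */
static const char SSID_A[] = "%p%s%s%s%s%n";
static const char SSID_B[] = "%secretclub%power";

#ifdef DEMO_VULNERABLE
/* Vulnerable pattern, built only when DEMO_VULNERABLE is defined: the
 * untrusted SSID is the format string, so each directive in it consumes
 * an argument that was never passed. */
int format_ssid_unsafe(char *out, size_t cap, const char *ssid) {
    return snprintf(out, cap, ssid);
}
#endif

/* Hardened pattern: constant format string, SSID passed only as data and
 * bounded by its length (SSIDs are byte strings, not C strings). */
int format_ssid_safe(char *out, size_t cap, const char *ssid, size_t len) {
    if (len > SSID_MAX_LEN) return -1;
    return snprintf(out, cap, "joining network: %.*s", (int)len, ssid);
}

/* Rough triage helper: counts '%' followed by a byte other than '%'
 * ("%%" is a literal percent sign in printf-style formats). */
int count_format_directives(const char *ssid, size_t len) {
    int n = 0;
    for (size_t i = 0; i + 1 < len; i++) {
        if (ssid[i] != '%') continue;
        if (ssid[i + 1] != '%') n++;
        i++;  /* skip the byte after '%' either way */
    }
    return n;
}

int main(void) {
    char line[64];
    format_ssid_safe(line, sizeof line, SSID_A, strlen(SSID_A));
    printf("%s (directives: %d)\n", line, count_format_directives(SSID_A, strlen(SSID_A)));
    format_ssid_safe(line, sizeof line, SSID_B, strlen(SSID_B));
    printf("%s (directives: %d)\n", line, count_format_directives(SSID_B, strlen(SSID_B)));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the non-literal format string in the guarded function, which is the cheapest way to catch this pattern in review.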