SSL certificate parsing vulnerability could force iOS devices into endless reboot loop

Pierluigi Paganini April 24, 2015

Israeli security researchers have discovered a SSL certificate parsing vulnerability affecting iOS devices that could force them into endless reboot loop.

Yair Amit and Adi Sharabani, security experts at the Israeli security firm Skycure have demonstrated at the RSA Conference 2015 the exploitation of a vulnerability that can force any Apple iPhone or iPad into a perpetual reboot loop.

The experts explained that the flaw is an SSL certificate parsing vulnerability affecting iOS 8.0 and fortunately, the IT giant is already working on a fix.

The experts discovered the SSL certificate parsing vulnerability while they were investigating o other security issues. During a test session, they installed a new router by configuring it with specific settings, surprisingly, experts noticed that the devices in the laboratory begin to crash.

After developing a script to exploit the bug over a network interface, researchers found they could repeatedly crash apps.

“Under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless,” Amit wrote in a blog post. “Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state as shown in the video.”

The experts highlighted that the vulnerability needs another WiFi vulnerability to work, but once exploited an attacker could create an areas where any Apple device running the flawed iOS could repeatedly crash, so called “no iOS zones.”

SSL certificate parsing vulnerability 1

In 2013, the experts have developed a technique to force external devices to connect to their malicious network automatically, they dubbed it WiFiGate. Now they explained that by combining WiFiGate with the new flaw that could create a “no iOS zone”.

“In 2013, we disclosed another vulnerability, which we called WiFiGate. In a nutshell, the impact was that an attacker could create their own network, and force external devices to automatically connect to it. Combining techniques such as WiFiGate or Karma attacks with this new discovery can allow an attacker to form a “No iOS Zone”. ” states the report.

“Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will,” Amit said.

The researchers have reported the SSL certificate parsing vulnerability to Apple that hasn’t contacted them, for this reason Skycure made public its disclosure.

At this moment, there is no information regarding a release date for a fix by Apple that could solve the SSL certificate parsing vulnerability.

Pierluigi Paganini

(Security Affairs – SSL certificate parsing vulnerability, data breach, Deep Web)



you might also like

leave a comment