The mobile security experts at ZecOps have found that a Wi-Fi hotspot bug discovered last month, which breaks Wi-Fi connectivity on iPhones in a Denial of Service (DoS) attack, remains alive and kicking as a zero-day vulnerability on iOS 14.6, the latest publicly available firmware version for the iPhone.
The bug in question renders an iPhone incapable of detecting and connecting to Wi-Fi networks, and is triggered when the device connects to a Wi-Fi hotspot with special characters in the SSID that are interpreted as string-format specifiers (from C and C-style languages) instead of plain text characters, such as:
After comprehensive tests, the folks at ZecOps found that the vulnerability, which they have aptly named ‘WiFiDemon’, also exists in a zero-click form.
In its zero-click form, the user would not have to actually connect to a malicious hotspot for the vulnerability to be triggered — the damage would be done if their device had Wi-Fi turned on and simply detected the hotspot.
Thankfully, the zero-click vulnerability was patched in iOS 14.4, with Apple crediting “an anonymous researcher” for their help with it. Despite how big a security flaw it was, Apple did not release a Common Vulnerabilities and Exposures (CVE) entry for it.
WiFiDemon still exists as a zero-day vulnerability, even on iOS 14.6. What’s more, ZecOps found that the bug doesn’t merely set off a DoS attack affecting Wi-Fi connectivity on the iPhone; it can actually be exploited by bad actors to achieve Remote Code Execution (RCE).
There’s a lot of damage that can be done if those with less than pure intentions find some way to achieve RCE on unsuspecting devices, especially if the medium is something as innocuous and common as a Wi-Fi hotspot.
Most iOS users aren’t in the habit of joining unknown Wi-Fi networks willy-nilly (or so one would hope, at least), and those who have learned about this possible exploit will ideally set Wi-Fi Auto-Join on their iPhones to Never in Settings > Wi-Fi > Auto-Join Hotspot.
For those of its users who are out of the loop, and for the overall security of its prized product, Apple should patch this vulnerability soon.
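The flaw described above comes down to network-supplied SSID text being interpreted as a format string instead of being treated as data. The following C sketch is an added example, not code from ZecOps, Apple or the original article: it flags SSIDs that contain printf-style conversion specifications and builds a log message with the SSID passed as length-bounded data to a constant format string. The function names, the log text and the sample SSIDs are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32 /* 802.11 SSIDs: at most 32 bytes, no NUL terminator */

static int in_set(unsigned char c, const char *set)
{
    return c != 0 && strchr(set, c) != NULL;
}

/* Return 1 if the SSID contains a printf-style conversion specification
 * ("%s", "%08x", "%ld", Objective-C "%@", ...), 0 otherwise.
 * "%%" is a literal percent sign and is not flagged. */
int ssid_has_format_spec(const unsigned char *ssid, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] != '%')
            continue;
        size_t j = i + 1;
        if (j < len && ssid[j] == '%') { i = j; continue; }
        while (j < len && in_set(ssid[j], "-+ #0123456789*.$")) j++; /* flags, width, precision */
        while (j < len && in_set(ssid[j], "hlqjztL")) j++;           /* length modifiers */
        if (j < len && in_set(ssid[j], "diouxXeEfFgGaAcspn@"))
            return 1;
    }
    return 0;
}

/* Hardened logging: constant format string, SSID passed as length-bounded data.
 * The unsafe pattern this replaces is snprintf(out, outsz, ssid_as_string). */
int format_join_message(char *out, size_t outsz, const unsigned char *ssid, size_t len)
{
    if (len > SSID_MAX)
        len = SSID_MAX;
    return snprintf(out, outsz, "Attempting to join SSID \"%.*s\"", (int)len, (const char *)ssid);
}

int main(void)
{
    /* Constructed sample SSIDs, not taken from the article. */
    const char *samples[] = { "CoffeeShop-Guest", "100%% Free WiFi", "Sale 50% off", "Lab-%s-%08x" };
    char msg[80];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const unsigned char *s = (const unsigned char *)samples[i];
        format_join_message(msg, sizeof msg, s, strlen(samples[i]));
        printf("%-44s specifier=%d\n", msg, ssid_has_format_spec(s, strlen(samples[i])));
    }
    return 0;
}
```

Note that the innocent-looking "Sale 50% off" is flagged: a format parser reads "% o" as an octal conversion with the space flag, which is why the fix belongs in how the string is passed rather than in filtering network names.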