According to BleepingComputer, a newly discovered iOS bug completely breaks the Wi-Fi functionality on iPhones when they connect to any WiFi network or hotspot with the following SSID (name):
%p%s%s%s%s%n
On an affected iPhone, WiFi connectivity breaks entirely — the user can’t even enable WiFi, and in the event that they manage to do so, the iPhone fails to connect to any and all networks in the vicinity.
The bug was discovered by reverse engineer Carl Schou when he tried connecting to his personal WiFi hotspot with the culprit SSID on his iPhone XS running on iOS 14.4.2.
BleepingComputer managed to successfully recreate the bug on iOS 14.6, so it appears that the upcoming iteration of the Operating System doesn’t include a patch for this exploit as of yet.
Security researchers have deduced that a string vulnerability is likely at the root of this issue. iOS may be mistakenly interpreting the characters following “%” in the SSID as string-format specifiers (from C and C-style languages) instead of just plain text characters.
Once an iPhone falls victim to this problem, rebooting the device or changing the name of the WiFi hotspot doesn’t undo the damage.
The only thing that restores WiFi functionality is resetting the iPhone’s network settings by going to Settings > General > Reset and selecting Reset Network Settings. A factory reset would presumably work as well, but there’s no reason to go that far.
Such a bug could be exploited by bad actors to mess with unsuspecting iPhone users, so be on the lookout for any open or “free” WiFi networks with the SSID in question.
