It seems that Apple has a lot of problems lately, and we need someone to fix them. After initially finding out about the first iPhone wi-fi bug, Carl Schou, security researcher, has found another similar issue. At this point, we start wondering how safe is wi-fi networks.
The new problem involves new symbols
It seems that if an iPhone comes with a Wi-fi network that’s named ‘%secretclub%power’, then you won’t be able to use the wi-fi or wi-fi related features. This bug will still be alive even after resetting the network settings. It seems that the only solution to this problem is a factory reset – but we’re still looking into that, so you might want to put it on hold for now.
You can permanently disable any iOS device’s WiFI by hosting a public WiFi named %secretclub%power
Resetting network settings is not guaranteed to restore functionality.#infosec #0day
— Carl Schou (@vm_call) July 4, 2021
Why is the new problem so hard to fix?
The first use was with the iPhone finding a network name with the SSiD “%p%s%s%s%s%n”. But this bug, in comparison with the second one found, could be easily solved by resetting the iPhone network settings from the Settings app. This new problem is not that easy to solve, and the reason for it might be when an iPhone comes in range of a malicious public wi-fi hotspot with that name. Somewhere, there’s a coding error. At this point, there might be many more variants of the same bug – with network names that use the ‘%s’, ‘%p’ and ‘%n’ character sequences.
What can we do to prevent it from happening?
We think that the best solution to this is to avoid connecting to wi-fi networks that have these symbols in their name. Right now, we’re waiting for a software update that will fix the bug.