A simple, unsecured Wi-Fi hotspot can completely break an iPhone’s ability to connect to any wireless network. The Wi-Fi connectivity remains broken even if the iPhone is rebooted or the Wi-Fi hotspot renamed.
A simple and seemingly innocuous Wi-Fi hotspot can render any Apple iPhone unable to establish a wireless internet connection. Needless to mention, considering how simple it is to break an iPhone’s ability to connect to any Wi-Fi, this is a rather serious security bug.
A Wi-Fi hotspot renders iPhone wireless connectivity broken:
Reverse engineer Carl Schou ran into an issue when connecting to his personal WiFi hotspot named:
%p%s%s%s%s%n
The Wi-Fi hotspot is unsecured. In other words, it is “Open” and does not require any password or PSK (Pre-Shared Key) to join. However, upon connecting to the hotspot, the iPhone’s Wi-Fi would be disabled.
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3
— Carl Schou (@vm_call) June 18, 2021
Simply deleting the now-stored Wi-Fi hotspot does not restore wireless connectivity functionality. In fact, every time the affected iPhone’s Wi-Fi setting is started, it quickly turns off again.
What is concerning is that the effect of the rogue Wi-Fi hotspot continues even after rebooting the affected iPhone.
Schou has noted that his experiment worked successfully on an iPhone XS, running iOS version 14.4.2. However, reports indicate the bug can affect nearly every Apple iOS device, even the ones running the latest iOS 14.6 version.
It appears that the victim’s iPhone attempts to self-rectify but fails repeatedly. In some cases, attempting to reconnect to the troubling SSID fails, and the iPhone cannot connect to any of the previously stored Wi-Fi access points.
So I haven't done any homework on this bug / wouldn't even really know where to look but i'm guessing this is just an ios bug??
Old ass android had no issue connecting to and saving it both open and with wpa2. pic.twitter.com/ydegK7AR7x— MobCat 😺 (@MobCat99) June 19, 2021
It is important to note that an Android smartphone, irrespective of the version, currently remains immune to the rogue Wi-Fi hotspot. This means an Android device is able to connect to the hotspot. And if it has internet connectivity, the device is able to access the same as well.
How to fix an iPhone that is unable to activate and use the onboard wireless connectivity?
It is not exactly clear why an iPhone’s wireless connectivity completely breaks down after connecting to this particular Wi-Fi hotspot. However, a few researchers believe there could be a “parsing” issue.
When a string with “%” signs exists in Wi-Fi hotspot names, Apple iOS may be mistakenly interpreting the letters following “%” as string-format specifiers. Needless to mention, in this particular case, they are not.
#Hacking #0Day #Bug #DoS #iOS #iPhone #WiFi #Malware #Vulnerability #CyberCrime #CyberAttack #CyberSecurity
Your iPhone's WiFi will break after you join this hotspot.https://t.co/LPxbZ1pBaM pic.twitter.com/944ihxZejh— Richard S. (@Richard_S81) June 19, 2021
Some old posts about Wi-Fi issues with Apple iOS iPhones, mention avoiding the ‘%’ character in a Wi-Fi SSID.
It is concerning to note just how easy it is to break an iPhone’s ability to use Wi-Fi. Moreover, the bug renders Wi-Fi unusable until the owner of the device resorts to using the “Reset Network Settings” option.
BREAKING: A new #iPhone WiFi bug has come to light:
Simply connecting to a WiFi hotspot named with "%…" characters will bork your device and #DoS the wireless functionality.https://t.co/9wzEnxuEaa#apple #iphone #glitch #vulnerabilities #bug— Ax Sharma (@Ax_Sharma) June 19, 2021
To fix the issue, go to Settings on the affected iPhone, and under General, select the ‘Reset’ option. Within the Reset screen, there’s an option labeled “Reset Network Settings”.
Click on the same, and accept the confirmation prompt. The device will restart and restore the wireless connectivity platform.
It is important to note that performing a reset also wipes out all the stored Wi-Fi passwords. Hence, before performing the action, ensure all the passwords are accessible.