While iOS 9.3 fixed a bug that bricked iOS devices when the date was set to 1st Jan 1970, security researchers have found a variation on the theme that can remotely brick later devices as soon as they connect to a WiFi hotspot. The exploit uses a combination of two weaknesses discovered in iOS, reports KrebsonSecurity.
The first is that iOS devices automatically reconnect to known WiFi hotspots, but rely on the SSID to identity them. iPhones and iPads will auto-connect to a malicious WiFi hotspot that spoofs the name of a known one.
Second, iOS devices are programmed to constantly check that their time and date settings are correct by connecting to Network Time Protocol (NTP) servers. All the researchers had to do was create their own WiFi hotspot labelled ‘attwifi’ (as used by Starbucks) and their own NTP server pretending to be time.apple.com to deliver the 1st January 1970 date …
The result? The iPads that were brought within range of the test (evil) network rebooted, and began to slowly self-destruct. It’s not clear why they do this, but here’s one possible explanation: Most applications on an iPad are configured to use security certificates that encrypt data transmitted to and from the user’s device. Those encryption certificates stop working correctly if the system time and date on the user’s mobile is set to a year that predates the certificate’s issuance.
The vulnerability is related to, but not identical to, the original 1970 bug – which means it wasn’t fixed in iOS 9.3.
Security researchers Patrick Kelley and Matt Harrigan reported their findings to Apple, which fixed it in iOS 9.3.1, but devices running earlier versions remain vulnerable. The researchers agreed not to make the exploit public until Apple had patched it.