Some time ago security researcher Carl Schou discovered a security vulnerability in the iPhone that could be exploited by simply accessing WiFi hotspots with a specific name.
At the time Schou only found that the crack would only damage the network settings on the iPhone, and it could be easily fixed by doing a ‘Reset Network Settings’. But it turns out that a more dangerous threat is peeking out of the crevice.
Reported from Forbes, Monday (19/7/2021), Schou then discovered another loophole whose effects were more dangerous. Even these loopholes can be used to infiltrate malware into phones, or even into entire networks.
The way to fix it is not just by doing a ‘Reset Network Settings’, but needs to be restored from a manually edited iPhone backup file to remove a line of malicious code.
But what's worse is that the way to exploit this vulnerability is not by accessing a WiFi network with an unusual name like "% p% s% s% s% s% n", but can be done via WiFi with an unsuspecting regular SSID name, even the name of the WiFi SSID in general.
This was stated by Amichai Shulman, CTO of wireless security company AirEye. He says that his research team is able to do that, even though his research is not yet complete.
But what is clear is that if hackers can trick WiFi hotspots to infiltrate malware and spread malware to home or work networks, or simply damage cell phones, this is a very dangerous thing.
“Because traffic attacks are not part of a corporate network, firewalls, NACs, and Secure WLANs cannot protect networks from such attacks and traditional network security solutions are clearly incapable of dealing with them,” Amichai explained.
"Traffic attacks can be sent from one channel to another that are not used by corporate network traffic. So, these attacks cannot be detected from network security solutions and do not leave traces in forensics and network logs," he added.
Amichai further noted that in tests conducted by AirEye, these security vulnerabilities could also affect MacBooks, and similar tactics could also be adapted to attack Android, Windows, and Linux.
With risks like this, Apple will inevitably fix the flaws in the upcoming iPhone update. Apple is currently testing iOS 14.7 in beta, or perhaps an upcoming security update specifically for iOS 14.6.1.
Tags
GADGET