What was first a seemingly harmless WiFi bug now poses an actual threat for iPhone users. Experts have discovered the tangible threat and warned iPhone users that these malicious network names can be harder to distinguish from legitimate ones.
Find out how you can avoid the security risk and keep your data safe.
iPhone WiFi Hack
Last month, reports of an iPhone Wi-Fi Bug that disables network connection first appeared to be harmless although it did have the potential to be exploited by hackers or anyone with malicious intent.
Now, according to Forbes, the threat is very real. Based on a research done by mobile security specialist ZecOps, they discovered a serious "zero-click" flaw was silently patched in the iOS 14.4 update.
Exploiting the vulnerability can be applied to the recent iPhone WiFi hack.
What this means is it can easily transform from being a relatively harmless denial of service (DoS) threat, the kind that was reported last month, into local privilege escalation (LPE) and remote code execution (RCE) attacks that can basically let hackers get into your phone and do whatever they want with it and all its contents--all done remotely!
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3— Carl Schou (@vm_call) June 18, 2021
"The recently disclosed 'non-dangerous' WiFi bug is potent," warned Zuk Avraham, the CEO of ZecOps, per Forbes.
The attacker can infect an iPhone or iPad runnion iOS 14.3 or earlier without any interaction with an attacker, ZecOps explained. This is known as a zero-click attack.
For iPhone users running on the latest version of iOS (14.6), joining a malicious WiFi network can leave the device vulnerable. What's alwarming is it is possible to construct a network name that does not expose the user to the weird characters that was described in earlier reports of the bug. This means even legitimate-looking or existing network names are actually malicious networks in disguise.
Apple has been working on a fix with their recent betas of iOS 14.7, said Forbes; however these attacks are new and, given their stealthy nature, can become more popular.
Seriously, I still don’t have WiFi pic.twitter.com/AaF9IQBvCp— Carl Schou (@vm_call) July 4, 2021
How to Avoid the iPhone WiFi Threat
If your iPhone is running on iOS 12 or earlier, ironically, you are not vulnerable to this security risk, Forbes noted.
For everyone else, it is best that you disable the iPhone's Auto-Join feature for WiFi connection. Go to Settings > Wi-Fi > Auto-Join Hotspot > Never.
Avoid connecting to WiFi networks with percent signs in their names, Naked Security advised, as this was how the earlier rendition of the vulnerability manifested and could be how some hackers still operate.
Don't connect to Wi-Fi networks in public settings either. Knowing that hackers can disguise the malicious network like a real Wi-Fi hotspot, it can be difficult to discern which is safe.
It is also best tto prepare backups of your iPhone data just in case and from time to time. Also, reset your Network settings to avoid the known networks your iPhone may connect to automatically. Just go to Settings > Reset > Reset Network Settings. And only connect to the networks you know.
The next thing to do is wait. Apple will likely release a patch for the version of the flaw in iOS 14.7 and could be released as early as next week.
This new way of orchestrating attacks has the potential to begin a heavy clash between hackers and all big tech companies, espeicall as these new forms of airborne attacks gain popularity.