This can happen by using the search function Wi-Fi trusted networks. In one example described by Krebs on Security, if the user confirms the reliability of such a network called "attwifi" could be considered reliable other networks with the same name and same features, with which the iOS device will connect automatically. The functionality can be exploited to trigger the exploit the bug of 1970, allowing the network to alter the date of the iOS device.
Kelley in research and Harrigan have used this feature of the iPhone and iPad to build a Wi-Fi network by exploiting the need of malevolent iOS devices to connect from time to time to a NTP (Network Time Protocol) to maintain time synchronization . Once connected to the deemed reliable network, the smartphone automatically synchronizes the time and date with that of the fake malicious NTP server, specifically set up to January 1, 1970.
"One thing we noticed when we set the date of 1970 on an iPad, was that the device clock began to mark time in the opposite direction," said Harrigan, president and CEO of PacketSled. "When we were connecting the iPad second 15 minutes later, the first iPad indicated as the date 15 December 1968". According to expert's safety report, the device is finally superheated in an excessive causing permanent damage.
Soon discovered the results the team immediately contacted Apple to avoid that the vulnerability was disclosed to the public before the release of an official fix. To date, iOS 9.3.1 is available as an upgrade for quite some time for all the latest smartphones and tablet of Apple, and the new exploits of the dangerous bug without any user interaction is one more reason to upgrade to the latest version of the operating system.
No comments:
Post a Comment