06 July 2021

Report from The Verge: Public WiFi Network Names

Researcher finds certain network names can disable Wi-Fi on iPhones

It looks like Wi-Fi networks with percent symbols in their names may cause a bug

A security researcher has found that certain Wi-Fi networks with the percent symbol (%) in their names can disable Wi-Fi on iPhones and other iOS devices. Carl Schou tweeted that if an iPhone comes within range of a network named %secretclub%power, the device won’t be able to use Wi-Fi or any related features, and even after resetting network settings, the bug may continue to render Wi-Fi on the device unusable.

A few weeks ago, Schou and his not-for-profit group, Secret Club, which reverse-engineers software for research purposes, found that if an iPhone connected to a network with the SSiD name %p%s%s%s%s%n it would cause a bug in iOS’ networking stack that would disable its Wi-Fi, and system networking features like AirDrop would become unusable.

9to5 Mac offered a possible explanation for the weird bug:

the ‘%[character]’ syntax is commonly used in programming languages to format variables into an output string. In C, the ‘%n’ specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user. 

 

No comments: