Break in: the iPhone date exploit can be targeted by hackers
Security researchers have uncovered a nefarious method that hackers can use to remotely brick an iPhone or iPad.
The hack involves tricking the iGadget into believing the date is January 1, 1970.
It's an issue that was first reported earlier this year and required users to manually change the date themselves.
If you set the date then reboot the phone it will refuse to load up properly. Some users fell for online hoaxes and ended up bricking their phones by mistake.
Apple swiftly issued a fix to sort it out. But now the security researchers have discovered there's a way for the January 1, 1970 date to be set remotely over a wi-fi network.
Matt Harrigan from PacketSled and Patrick Kelley from CriticalAssets.com realised that when an iPhone connects to a wi-fi network, it draws the time and date from "network time protocols" servers around the globe.
"The researchers said they discovered they could build a hostile Wi-Fi network that would force Apple devices to download time and date updates from their own (evil) NTP time server: And to set their internal clocks to one infernal date and time in particular: January 1, 1970," explained the security blog Krebs on Security .
And, according to the blog, all the researchers needed to accomplish the task was a £30 Raspberry Pi computer and some custom software.
"The reboot caused all iPads in test to degrade gradually, beginning with the inability to unlock, and ultimately ending with the device overheating and not booting at all," explained the researchers.
"Apple has confirmed this vulnerability to be present in 64 bit devices that are running any version less than 9.3.1."
Both researchers say they worked with Apple before they made their findings public. So if you haven't updated to the latest iOS version , this might be a good reason to do so.
Source: Mirror UK
0 comments:
Post a Comment