The WiFiDemon vulnerability
A recent security report claims that the Wi-Fi network name bug, which is said to disable an iPhone’s networking capability entirely, can also be used for remote code execution and was quietly patched by Apple earlier this year.
Last month, a denial-of-service flaw was revealed in iPhones that was related to how iOS processed format strings in the SSID input. The flaw caused a crash on any iPhone that connected to a Wi-Fi network whose name contained percent symbols, such as “%p%s%s%s%s%n”.
The fix initially suggested for the bug was to reset the network settings by going to Settings >>> General >>> Reset >>> Reset Network Settings. However, while examining the flaw closely, researchers at ZecOps discovered that the same flaw could be used by threat actors to achieve remote code execution (RCE) on targeted devices by adding “%@” to the Wi-Fi network’s name.
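The following C example is added here and is not code from ZecOps, Apple or the original article: it classifies SSIDs by the format conversions they contain and logs a network name as data rather than as the format string. The function names, the log message and the set of conversion characters checked are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32 /* an 802.11 SSID is at most 32 octets, not NUL-terminated */

enum ssid_risk { SSID_OK, SSID_SPECIFIER, SSID_OBJECT_OR_WRITE };

static int in_set(const char *set, char c) { return c != '\0' && strchr(set, c) != NULL; }

/* Classify what an SSID would do if it ever reached a printf- or
 * NSString-style formatter as the format argument. "%%" is a literal percent. */
enum ssid_risk ssid_classify(const char *ssid, size_t len)
{
    enum ssid_risk risk = SSID_OK;
    if (len > SSID_MAX) len = SSID_MAX;
    for (size_t i = 0; i + 1 < len; i++) {
        if (ssid[i] != '%') continue;
        size_t j = i + 1;
        if (ssid[j] == '%') { i = j; continue; }   /* escaped percent */
        while (j < len && in_set("-+ #0123456789.*hlLjzt$", ssid[j])) j++;
        if (j == len) break;                       /* truncated specifier */
        if (ssid[j] == '@' || ssid[j] == 'n') return SSID_OBJECT_OR_WRITE;
        if (in_set("diouxXeEfFgGaAcsCSp", ssid[j])) risk = SSID_SPECIFIER;
        i = j;
    }
    return risk;
}

/* Hardened logging: the SSID is only ever data. The bug class described above
 * is the opposite call shape, snprintf(out, outlen, ssid), where the network
 * name itself is the format. */
int log_ssid(char *out, size_t outlen, const char *ssid, size_t len)
{
    if (len > SSID_MAX) len = SSID_MAX;
    return snprintf(out, outlen, "joining network \"%.*s\"", (int)len, ssid);
}

int main(void)
{
    /* Constructed scan results; the second name and "%@" come from the article. */
    const char *seen[] = { "HomeNet", "%p%s%s%s%s%n", "%@", "50%% off", "Cafe 100%" };
    char line[64];
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        log_ssid(line, sizeof line, seen[i], strlen(seen[i]));
        printf("%s -> risk %d\n", line, (int)ssid_classify(seen[i], strlen(seen[i])));
    }
    return 0;
}
```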
Named “WiFiDemon”, the vulnerability is also seen as a zero-click flaw, since a threat actor can easily infect the device without needing any user input. All that is needed is for users to have Wi-Fi set to join networks automatically, which is typically the default choice.
This vulnerability may be exploited as long as Wi-Fi is switched on, the researchers explain in their report. According to their findings, in the first stage of the attack the malicious actors disconnect or de-associate the device, after which they can launch a zero-click attack. Worse, a user would not even know that they had been under attack. The attack is almost impossible to detect unless you specifically look for it, since nothing about the malicious access point is saved to disk and, as soon as it is turned off, Wi-Fi functions as normal.
According to the published report, all iOS versions prior to iOS 14.3, beginning with iOS 14.0 and earlier, were found to be susceptible to the RCE flaw.
Researchers found that Apple “silently” patched the flaw in January 2021 with its iOS 14.4 release. However, the vulnerability has not been assigned a CVE identifier.
Since the vulnerability is exploitable, the suggested response is to upgrade your iPhone or iPad to the latest iOS version, which the Apple team released on Monday. The long-awaited iOS 14.7 includes security and bug improvements, as well as a patch for the Wi-Fi denial-of-service flaw.