A wireless network naming bug has been discovered in Apple’s iOS operating system that effectively disables an iPhone’s ability to connect to a Wi-Fi network.
The issue was spotted by security researcher Carl Schou, who found that the phone’s Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name “%p%s%s%s%s%n” even after rebooting the phone or changing the network’s name (i.e., service set identifier or SSID).
The bug could have serious implications in that bad actors could exploit the issue to plant fraudulent Wi-Fi hotspots with the name in question to break the device’s wireless networking features.
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3
— Carl Schou (@vm_call) June 18, 2021
The issue stems from a string formatting bug in the manner iOS parses the SSID input, triggering a denial of service in the process, according to Zhi Zhou, a senior security engineer at Ant Financial Light-Year Security Labs in a short analysis published on Saturday.
“For the exploitability, it doesn’t echo and the rest of the parameters don’t seem like to be controllable. Thus I don’t think this case is exploitable,” Zhou noted. “After all, to trigger this bug, you need to connect to that WiFi, where the SSID is visible to the victim. A phishing Wi-Fi portal page might as well be more effective.”
While the issue isn’t reproducible on Android devices, iPhones that have been affected by the problem would need to have their iOS network settings reset by going to Settings > General > Reset > Reset Network Settings and confirm the action.