iOS: Fix for the remotely exploitable 1 January 1970 bug

Researchers reveal how they managed to change the date on iPhones remotely to render them unusable.

If you use an iPhone or iPad running iOS 9.3, you are strongly advised to update to version 9.3.1. Not only because the new version of the mobile OS, made available on March 31, fixes the bug that left hyperlinks non-functional in some cases in Safari (an annoyance in itself), but above all because it closes a security hole that can be far more problematic than a dead link.

Blocking via the date

iOS 9.3.1 fixes the 1/1/1970 bug. Revealed by researcher Zach Straley, this bug crashed a device whose date was set before 1 January 1970. Only a reset of the device makes it operational again. Even then, an attacker (or a user skeptical enough to check the malfunction for himself) needs physical access to the device and its settings. Except that two other researchers, Patrick Kelley, of the firm CriticalAssets, and Matt Harrigan, of PacketSled, demonstrated the possibility of attacking an Apple mobile device remotely, as reported by KrebsOnSecurity.

The method consists of spoofing Apple's Network Time Protocol (NTP) server by getting the device to connect to a fake WiFi network. Nothing could be simpler, since iPhones and iPads tend to reconnect automatically to a wireless network they have used before, and with relatively weak authentication. Thus, if the device already has a known network named “WiFi Hotspot” in its settings, it will automatically connect to any access point identified as such. Once the device is connected, it would be easy for attackers to redirect it to the server of their choice.

Battery overheating

Including an NTP server, which Apple devices constantly query to synchronize their date and time. It is then enough to configure the NTP server to return a date earlier than January 1, 1970 to block the device. And even render it permanently inoperable, because the bug causes excessive resource consumption that rapidly raises the battery temperature. The researchers' iPad reached 54 °C in just three minutes. As for the fake WiFi hotspot, the researchers built one from a Raspberry Pi with an antenna. Total investment: $120.
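The weakness described above is a client that applies whatever time an unauthenticated NTP reply carries. As an added example (not code from the article, the researchers or Apple), here is a client-side sanity check in Python that parses the reply's transmit timestamp and refuses implausible values; the floor date, the maximum step and the function names are assumptions chosen for illustration.

```python
import struct
from datetime import datetime, timezone

# NTP counts seconds from 1900-01-01, so a reply can encode dates before the
# Unix epoch; this is the offset between the two epochs.
NTP_UNIX_DELTA = 2_208_988_800
# Assumed policy values (hypothetical, not taken from the article):
FLOOR_UNIX = int(datetime(2016, 3, 31, tzinfo=timezone.utc).timestamp())  # e.g. OS build date
MAX_STEP = 24 * 3600  # largest clock jump accepted from one unauthenticated reply


def transmit_unix_time(packet: bytes) -> float:
    """Return the server transmit timestamp of an NTP reply as Unix seconds."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes")
    if packet[0] & 0x07 != 4:
        raise ValueError("not a server reply (mode 4)")
    # Transmit timestamp: bytes 40-47, 32-bit seconds + 32-bit fraction.
    secs, frac = struct.unpack("!II", packet[40:48])
    return secs - NTP_UNIX_DELTA + frac / 2**32


def accept_time(packet: bytes, local_now: float) -> bool:
    """Decide whether a reply may be used to set the local clock."""
    try:
        t = transmit_unix_time(packet)
    except ValueError:
        return False
    if t < FLOOR_UNIX:                  # time cannot predate the software itself
        return False
    if abs(t - local_now) > MAX_STEP:   # refuse large steps from a single source
        return False
    return True


def sample_reply(unix_time: int) -> bytes:
    """Constructed sample input: minimal mode-4 reply carrying the given time."""
    header = bytes([0x24, 1, 0, 0]) + bytes(36)  # LI=0, VN=4, mode=4, stratum 1
    return header + struct.pack("!II", unix_time + NTP_UNIX_DELTA, 0)


if __name__ == "__main__":
    now = FLOOR_UNIX + 3600
    for label, t in [("plausible", now + 2), ("epoch", 0), ("pre-1970", -86400)]:
        print(label, accept_time(sample_reply(t), now))
```

A floor check alone does not stop every bad time value, which is why the step limit is applied as well.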

The iPhone is probably less vulnerable than the iPad because iPhones tend to reach NTP servers over the mobile operators' networks, unlike the majority of iPads, which favor WiFi. But while spoofing a GSM network is harder than spoofing a WiFi hotspot, it is not impossible, the researchers said. So it is best to adopt the iOS 9.3.1 update without (too much) delay.