Sign up today for an exclusive discount along with our 30-day GUARANTEE — Love us or leave, with your money back! Click here to become a part of our growing community and learn how to stop gambling with your investments. We will teach you to BE THE HOUSE — Not the Gambler!

Click here to see some testimonials from our members!

Rogue Hotspot Can “Permanently” Break iPhone WiFi Functionality 

Courtesy of ZeroHedge View original post here.

Security researcher Carl Schou discovered a bug in Apple's iOS that can disable an iPhone's ability to connect to hotspots after joining a WiFi with the SSID "%p%s%s%s%s%n."

Schou tweeted, "after joining my personal WiFi with the SSID "%p%s%s%s%s%n", my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~)." 

Schou told BleepingComputer that he conducted the test on an iPhone XS, running iOS version 14.4.2. BleepingComputer confirmed the test on an iPhone running iOS 14.6. They said the iPhone's wireless functionality would break after connecting to %p%s%s%s%s%n.

What this looks like is a format string bug issue, which is unusual these days. After the iPhone connected to the strangely worded hotspot, the smartphone failed at connecting to other hotspots. Android devices connected to the hotspot but didn't experience the same problem as iPhones.

A bug like this could be exploited by criminal actors who create unsecured WiFi hotspots called %p%s%s%s%s%n in a populated area and would wreak havoc on iPhone users trying to connect. 

BleepingComputer says this is a "string formatting vulnerability." 

Other security researchers who saw Schou's tweet and analyzed the crash report believe that an input parsing issue likely causes this bug.

When a string with "%" signs exists in WiFi hotspot names, iOS may be mistakenly interpreting the letters following "%" as string-format specifiers when they are not.

In C and C-style languages, string format specifiers have a special meaning and are processed by the language compiler as a variable name or a command rather than just text.

For example, the following printf command does not actually print the "%n" character but stores the number of characters (10) preceding %n into the variable "c."

The "%n" is merely a format specifier and not an actual text string. As such, the output of the following line will simply be "geeks for geeks," with no mention of "%n."

The good news is there's a fix that requires a reset of iOS network settings. 

While this bug is not widely known yet, imagine if malicious actors set up fake hotspots across dense metro areas and caused a WiFi crisis among iPhone users… Apple should really look into this bug. 


Do you know someone who would benefit from this information? We can send your friend a strictly confidential, one-time email telling them about this information. Your privacy and your friend's privacy is your business... no spam! Click here and tell a friend!





You must be logged in to make a comment.
You can sign up for a membership or get a FREE Daily News membership or log in

Sign up today for an exclusive discount along with our 30-day GUARANTEE — Love us or leave, with your money back! Click here to become a part of our growing community and learn how to stop gambling with your investments. We will teach you to BE THE HOUSE — Not the Gambler!

Click here to see some testimonials from our members!