Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Private I: The collision of automatic Wi-Fi connections and a security flaw

Glenn Fleishman | April 24, 2015
On Tuesday, researchers from Skycure disclosed at the RSA conference that a previously known iOS flaw related to automatic Wi-Fi network connection and a newly discovered SSL certificate handling error could cause an iPhone or iPad to crash and endlessly reboot as long as it remains within range of the network. (Skycure sells monitoring and mitigation systems.)

And the attack isn't active. With a fake base station set up, it needs no Internet connection and it can fake multiple names using virtual networks, a Wi-Fi feature that lets one hardware base station sport many names. (That's how guest networking works with Apple's equipment.)

The repair is surely coming from Apple for the SSL certificate parsing flaw. But the bigger issue in the industry that remains requires time to fix. There has to be a way to let users more effectively only connect to networks to which they intend to, and none yet exists.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.