Once, there were rumors that Apple devices were virtually hack-free. However, recently, a string of attacks on iOS devices seem to disprove that theory.
Now, security experts have discovered a security flaw in iOS 8 that combines with a Wi-Fi exploit that will not just crash your phone, but cause it to crash and restart over and over, making it unusable.
Mobile security firm Skycure discovered the flaw, which makes your iOS devices vulnerable to SSL certificates when the phone connects to an exploited Wi-Fi connection.
What makes this a particularly bad flaw is that most apps require a SSL certificate, which basically means that they've secured their connection so that your device knows that it's using something by a trusted party. Also, AT&T phones automatically connect to any Wi-Fi network called "attwifi."
Anyone can set up an exploited Wi-Fi connection and name it "attwifi," including those with malevolent plans. So, the exploit works like this: when your iPhone or iPad automatically connects to an exploited network called "attwifi," your phone crashes and then restarts and repeats the whole cycle, becoming completely unusable. Even worse, once the device starts the cycle, there's nothing you can do.
"The aforementioned is interesting in particular, as it puts the victim's device in an unusable state for as long as the attack impacts a device," writes Skycure on its blog. "Even if victims understand that the attack comes from a Wi-Fi network, they can't disable the Wi-Fi interface in the repeated restart state as shown in the video."
Right now, there's only one way to prevent this happening to your device: turn off Wi-Fi.
Skycure plans on working with Apple to fix this issue, but for now, the company hasn't released any specific details on how the exploit works. However, the company wants all iOS 8 device users to know that their devices are at risk and that they should never trust any free Wi-Fi network. They also recommend that iOS 8 device users upgrade their OS as soon as possible.
As of now, no one has reported an actual attack through this vulnerability, but now that hackers know it exists, it's only a matter of time before someone figures out how to exploit it.
Photo: Håkan Dahlström | Flickr