fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

iPhone WiFi bug morphs into zero-click hacking, but there’s a fix

iPhone WiFi bug morphs into zero-click hacking, but there’s a fix

Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction.

When initially disclosed, the bug could disable an iPhone’s WiFi connection after trying to connect to a network with a name (SSID) that included a special character.

Security researcher Carl Schou found the vulnerability after making his iPhone join a network with the SSID “%p%s%s%s%s%n,” resulting in the device losing its WiFi connection capability:

iPhone WiFi loop crashing
source: Carl Schou

Different variations of the string led to crashing the WiFi service and sending it into a restart loop. Tests from done by BleepingComputer and security researchers shows that the vulnerability discovered by Schou is exploitable in iOS 14.6 when connecting to a maliciously crafted SSID.

Fixing the bug was as simple as resetting network settings to remove the names of all WiFi networks, including the mischievous one, from the lists of known SSIDs it could join.

Also Read: Personal Data Protection Act Singapore: Is Your Business Compliant?

Bug worse than thought

However, researchers at mobile security startup ZecOps found that there is more to this bug than the initially reported WiFi denial-of-service (DoS) condition.

In a blog post last week, the researchers note that the bug can be triggered as a zero-click (no user interaction) and has potential for remote code execution.

ZecOps says that issue is similar to a format-strings bug, where the computer sees the input value as a formatting character, not a character. They dubbed this attack WiFiDemon.

“However, this bug is slightly different from the “traditional” printf format string bugs because it uses [NSString stringWithFormat:] which was implemented by Apple, and Apple removed the support for %n for security reasons,” ZecOps explains.

While trying to find another way to exploit the vulnerability, the researchers used “%@,” which is a format specifier for printing and formatting objects in Objective-C, the programming language for iOS software.

“A potential exploit opportunity is if we can find an object that has been released on the stack, in that case, we can find a spray method to control the content of that memory and then use %@ to treat it as an Objective-C object, like a typical Use-After-Free that could lead to code execution”- ZecOps

The researchers were successful when simply adding “%@” to the name of a SSID. One scenario that can lead to running code on the target device is to create a malicious WiFi network and wait for the victim to connect.

If the WiFi connection is enabled and the auto-join feature turned on, which is the default state, one scenario is to create a malicious WiFi network and wait for the target to connect.

On earlier iOS versions, even if the victim does not join the malicious network, the WiFi service crashes and restarts in a loop immediately after reading the malcrafted SSID name, the researchers write in their report.

If the bug is exploited locally, it could help an attacker build a partial sandbox so they could jailbreak the device.

ZecOps did not find evidence of WiFiDemon attacks in the wild but believes that some threat actors may have also discovered the bug and might exploit it.

The researchers say that the vulnerability that Schou discovered is exploitable in iOS 14.6 when connecting to a maliciously crafted SSID.

Furthermore, the zero-click part making WiFiDemon dangerous works on iOS 14 through 14.4, since Apple patched the bug silently with the security updates released in January.

Among the researchers’ recommendations to keep safe from WiFiDemon attacks is to update the phone to the latest OS version as well as cosider disabling the auto-join feature in WiFi settings, which can also protect against beacon flooding attacks that bombard the device with access points to connect to.

Today’s iOS 14.7 security updates from Apple are expected to fix the issues highlighted in ZecOps’ report.

Also Read: How to Choose a Penetration Testing Vendor

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us