A bug in the way iOS handles Wi-Fi hotspot names is apparently worse than first thought, with one malformed SSID found to disable Wi-Fi access on an iPhone completely, requiring a factory reset to rectify it.
In June, security researcher Carl Schou discovered a personal Wi-Fi hotspot name of “%p%s%s%s%s%n” causes problems for iOS devices. It was found that iPhones simply couldn’t connect to the hotspot, and in fact disabled Wi-Fi connectivity in some instances.
While that issue could be fixed by resetting the network settings within iOS, Schou has since discovered a variant along the same lines that can cause more harm to an unsuspecting iPhone. According to Schou in a tweet on Sunday, using the SSID “%secretclub%power” can disable an iOS device’s Wi-Fi capabilities, with no guarantee that a network settings reset will restore connectivity.
You can permanently disable any iOS device’s WiFi by hosting a public WiFi named %secretclub%power. Resetting network settings is not guaranteed to restore functionality. #infosec #0day
Schou claims the iPhone used to test still didn’t have Wi-Fi after repeated resets of network settings and a forced restart of the iPhone. The researcher has also contacted Apple’s device security team over the matter, but has yet to hear anything back.
The original bug was believed to be an issue with input parsing, where iOS could misinterpret the percent sign as the start of a string-format specifier, so that the characters following the symbol are treated as a variable or a command instead of plain text.
While the new SSID does jokingly promote Secret Club, a technology exploration group Schou is involved with, the percent signs followed by the characters S and P are most likely the problem areas for the hotspot name bug. Analysis of the issue confirms a format string bug is behind it, though it doesn’t seem to be a highly exploitable vulnerability for a bad actor.
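The class of bug described above, as an added example in generic C (not Apple's code and not from the original article): an untrusted network name passed as the format argument is interpreted, while a constant "%s" format keeps it as data. The function names are hypothetical, the sample names are constructed apart from the two SSIDs quoted in the article, and the unsafe path is only ever called on a name with no live conversions.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: the untrusted SSID is used as the format string. */
int render_ssid_unsafe(char *out, size_t n, const char *ssid) {
    return snprintf(out, n, ssid);
}

/* Hardened pattern: constant format, the SSID is only ever data. */
int render_ssid_safe(char *out, size_t n, const char *ssid) {
    return snprintf(out, n, "%s", ssid);
}

/* Count the printf-style conversions a name would trigger if it were
 * misused as a format string. Useful as a test or logging check. */
int count_conversions(const char *s) {
    int count = 0;
    while (*s) {
        if (*s++ != '%') continue;
        if (*s == '%') { s++; continue; }        /* "%%" is a literal percent */
        s += strspn(s, "-+ #0");                 /* flags */
        s += strspn(s, "0123456789*");           /* field width */
        if (*s == '.') { s++; s += strspn(s, "0123456789*"); } /* precision */
        s += strspn(s, "hlLqjzt");               /* length modifiers */
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) { count++; s++; }
    }
    return count;
}

int main(void) {
    /* "HomeWiFi" and "50%%off" are constructed; the other two are the
     * SSIDs quoted in the article. */
    const char *samples[] = { "HomeWiFi", "50%%off",
                              "%p%s%s%s%s%n", "%secretclub%power" };
    char buf[64];
    for (size_t i = 0; i < 4; i++) {
        int c = count_conversions(samples[i]);
        render_ssid_safe(buf, sizeof buf, samples[i]);
        printf("safe=\"%s\" conversions=%d\n", buf, c);
        if (c == 0) {   /* never feed live conversions to the unsafe path */
            render_ssid_unsafe(buf, sizeof buf, samples[i]);
            printf("unsafe=\"%s\"\n", buf);
        }
    }
    return 0;
}
```

The constructed name with a doubled percent sign comes back from the unsafe path with one percent sign missing, which shows the name was parsed as a format rather than copied.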
It is highly likely that many more combinations of text strings could cause problems within iOS in this manner, at least until Apple patches the bug. While the company is beta-testing iOS 14.7 and iOS 15, it is unclear if the issue will be fixed in those releases.
For the moment, AppleInsider recommends users don’t connect to unfamiliar Wi-Fi access points, especially if they include unusual symbols.
Well this is one I’m not going to test.
You guys are about a week behind on this one.
How do you figure? There was a post on this here last week on the first issue, and now an update that the guy found came out earlier today. I’d say they are right on it. Or did you know about the Secret Club version earlier than today?
I have found if my PW has similar characters, it creates an issue with Wi-Fi not working correctly on an iPod touch. Even a factory reset has not solved the issue. PW has also been changed.
Why would a router name ever be handled as anything other than a plain text string? Why is it even possible for that string to be read as some kind of format/type specifier? Databases usually have “illegal” characters stripped, and it has, in my past experience, been extremely irritating to see which characters certain databases dislike (inconsistently), because of how it limits the human usage of said databases. There are still systems on the internet that refuse to accept modern password strength requirements (government and corporate), forcing a maximum of 8 characters for password and/or user ID. What outdated software are they running?? We generally find protection against storing illegal characters, such as in file & volume name dialogs. That same process isn’t used to limit WiFi IDs? Is there not a formalized definition for a WiFi ID’s allowable characters? Why, in modern computing, is it still possible to break things via “unexpected” characters?