It's 2021 and a printf format string in a wireless network's name can break iPhone Wi-Fi
2021-06-21 21:59

Joining a Wi-Fi network with a specific sequence of characters in its SSID will break wireless connectivity for iOS devices.

On Friday, Carl Schou, a security researcher in Denmark, reported that his iPhone lost its Wi-Fi capability after attempting to connect to a Wi-Fi network named "%p%s%s%s%s%n".

The offending name is made up of good old C language printf()-style string format specifiers.

Apple iOS devices that lose Wi-Fi capability after being bitten by this bug can be restored via the General -> Reset -> Reset Network Settings menu option, which reverts network settings to their factory defaults.

The Wi-Fi failure, according to a writeup by China-based security researcher Zhi Zhou, follows from a format string bug.

"The CFString format string syntax doesn't have %n format modifier, so writing into memory at the pointer on stack is impossible. Also the attacker doesn't have control of the pointers on stack, because the format string is located on the heap."
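The bug class named above, as an added example that is not from the article and is not Apple's code: an untrusted network name must be passed to a formatter as data, never as the format string. It uses the C printf family rather than CFString, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the SSID quoted in the article. */
static const char SAMPLE_SSID[] = "%p%s%s%s%s%n";

/*
 * Vulnerable pattern (kept as a comment; calling it is undefined
 * behaviour): the untrusted name is used AS the format string, so each
 * specifier makes the formatter consume an argument that was never passed.
 *
 *     snprintf(out, outlen, ssid);
 */

/* Hardened form: constant format string, SSID supplied as an argument. */
int format_ssid_safe(char *out, size_t outlen, const char *ssid)
{
    return snprintf(out, outlen, "joining network \"%s\"", ssid);
}

/*
 * Count candidate printf-style specifiers in an untrusted string, for
 * flagging suspicious names in logs or telemetry (hypothetical helper).
 * "%%" is a literal percent sign and a trailing '%' has no conversion,
 * so neither is counted.
 */
int count_format_specifiers(const char *s)
{
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%')        /* escaped percent: skip both */
            i++;
        else if (s[i + 1] != '\0')  /* '%' followed by a conversion */
            count++;
    }
    return count;
}

int main(void)
{
    char line[128];
    format_ssid_safe(line, sizeof line, SAMPLE_SSID);
    printf("%s (specifiers: %d)\n", line, count_format_specifiers(SAMPLE_SSID));
    return 0;
}
```

With the constant format string the name comes out verbatim, whatever characters it contains. Compiler warnings such as `-Wformat-security` flag the commented-out pattern at build time.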


News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/21/wifi_ssid_flaw/