A specific network name can completely disable Wi-Fi on your iPhone

Discussion in 'Headline News' started by RickAgresta, Jun 20, 2021.

  1. RickAgresta

    RickAgresta General Peanut, leader of the Peanutty Forces

    Here’s a funny bug: a security researcher has found that a carefully crafted network name causes a bug in the networking stack of iOS and can completely disable your iPhone’s ability to connect to Wi-Fi.

    On Twitter, Carl Schou showed that after joining a Wi-Fi network with a specific name (“%p%s%s%s%s%n”), all Wi-Fi functionality on the iPhone was disabled from that point on.

    Once an iPhone or iPad joins the network with the name “%p%s%s%s%s%n”, the device fails to connect to Wi-Fi networks or use system networking features like AirDrop. The issue persists after rebooting the device (although a workaround does exist, see below).

    Although Schou does not detail exactly how he figured this out, any programmer should notice a pattern in the funky network name required to trigger the bug.

    Here’s the likely explanation: the ‘%[character]’ syntax is commonly used in programming languages to format variables into an output string. In C, the ‘%n’ specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.

    Obviously, this is such an obscure chain of events that it is highly unlikely that any person accidentally falls into this, unless a load of Wi-Fi pranksters suddenly pop up in the wild with open Wi-Fi networks using the poisoned name. Until Apple fixes this edge case in a future OS update, just keep an eye out for any Wi-Fi networks with percent symbols in their name.

    Nevertheless, if you are somehow affected by this, the bug does not appear to permanently damage your hardware.

    You should be able to reset all network settings and start over. In Settings, go to General -> Reset -> Reset Network Settings. This resets all saved Wi-Fi networks on the iPhone (as well as other things like cellular settings and VPN access), thereby removing the knowledge of the malicious network name from its memory. You can then join your standard home Wi-Fi once more.
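
An added example (not part of the original post, and not Apple's code) of the pattern the explanation above describes: a constant format string with the SSID passed only as data, plus a small audit helper that counts the conversions a name would trigger if it were misused as a format. The function names are hypothetical and the sample input is the SSID quoted in the post; the actual iOS code path is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the network name quoted in the post above. */
static const char SAMPLE_SSID[] = "%p%s%s%s%s%n";

/* Unsafe pattern, shown only as a comment and never compiled here:
 *     snprintf(out, outlen, ssid);
 * The SSID becomes the format string, so each '%' sequence is treated as a
 * conversion that reads (or, for %n, writes through) an argument that was
 * never passed. */

/* Safe pattern: the format is a constant and the SSID is only data. */
int format_ssid_safe(char *out, size_t outlen, const char *ssid)
{
    return snprintf(out, outlen, "joining network \"%s\"", ssid);
}

/* Audit helper (hypothetical): count the conversions a string would trigger
 * if it were misused as a printf format. "%%" is a literal percent and is
 * skipped. If writes is non-NULL it receives the number of %n conversions. */
int count_conversions(const char *s, int *writes)
{
    int total = 0, n_writes = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                        /* step past '%' */
        if (*s == '%') { s++; continue; }           /* literal percent */
        s += strspn(s, "-+ #0123456789.*hlLqjzt");  /* flags, width, length */
        if (*s != '\0' && strchr("diouxXeEfFgGaAcspn", *s) != NULL) {
            total++;
            if (*s == 'n') n_writes++;
            s++;
        }
    }
    if (writes) *writes = n_writes;
    return total;
}

int main(void)
{
    char line[128];
    int writes = 0;
    int convs = count_conversions(SAMPLE_SSID, &writes);
    format_ssid_safe(line, sizeof line, SAMPLE_SSID);
    printf("%s\nconversions if misused as a format: %d (%%n: %d)\n",
           line, convs, writes);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the unsafe call shape at compile time.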

  2. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    It's a good thing that school is out for the summer. The last iOS bug like this, which involved sending an SMS to a vulnerable recipient, spread very quickly through the buildings while school was in session. I could easily see students setting up open wifi networks on their devices to lure unsuspecting Apple devices onto them to trigger this event.
    scjjtt, Hook, raspabalsa and 2 others like this.
  3. raspabalsa

    raspabalsa Brain stuck BogoMipping

    Not many idevices around here in Viacha. In fact, the only one I know of is my work iPad (SIM-less model). And yes, the bug does work there. I set the offending SSID on my S10+, activated tethering, connected the iPad, and immediately lost all WiFi capability, just like shown in the Twitter video above. Just as easily recovered WiFi with the reset detailed above. But yes, would be fun to wreak havoc on some people's ithings. If there were any around here, that is.
    scjjtt, Hook and headcronie like this.
