Researchers find iOS vulnerability that crashes iPhones and iPads

November 06, 2018 // By Christoph Hammerschmidt
Through a vulnerability in Apple's iOS, attackers can crash iPhones and iPads using commercially available hardware. Physical access is not required. This is what researchers at the Darmstadt Technical University have found. More than half a billion devices are affected by this problem.

Scientists at the Secure Mobile Networking Lab at the TU Darmstadt have found a vulnerability in the iPhone operating system iOS 12 that could allow an attacker to crash mobile Apple devices such as iPhones and iPads with a standard WLAN card and a simple single-board computer for less than 20 euros. In keeping with the principle of "responsible disclosure", the vulnerability was reported to Apple and has just been closed by an iOS update. The scientists therefore strongly recommend that users of Apple mobile devices install the current iOS update 12.1.

Apple has traditionally promoted user-friendly features such as AirPlay, which allows users to send music or movies to compatible speakers and TVs wirelessly and with a single click from a variety of Apple devices. The underlying protocols use manufacturer extensions such as Apple Wireless Direct Link (AWDL), which enables direct WLAN communication between Apple devices. But the convenient functions also entail risks, explains Professor Matthias Hollick, head of the Secure Mobile Networking Lab at Darmstadt Technical University: "AWDL uses various wireless technologies. Put simply, the AWDL function is activated in the target device via a Bluetooth LE signal. In a second step, we take advantage of the fact that Apple does not cleanly check the input we send to the target device; this makes it possible to launch a denial of service attack. The result is a crash of the target device or all nearby devices at the same time. We don't need any user interaction."

According to the research team, the attack can be carried out using simple commercially available hardware - the researchers used the WLAN card of a laptop and a Bluetooth-capable single-board computer similar to a Raspberry Pi or Arduino, which was originally developed as a programming learning platform for schoolchildren. Potential attackers would therefore have an easy time of it.

