You have probably heard of a malicious WiFi attack that could break your iPhone. It happens when you try to connect to a WiFi hotspot named “%p%s%s%s%s%n”.

Reverse engineer Carl Schou discovered this issue. Now, as reported by Forbes, Schou has discovered that a similar attack is possible, and this one can cause more serious damage to your iPhone.

It’s so much worse that fixing the WiFi will require a custom factory reset and manually editing the iPhone’s backup file to remove entries that cause the problem.

The hack is formally known as a format string flaw, and apparently there had been concerns that it could be improved to cause more serious damage.
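A format string flaw arises when text from outside, here a network name, is handed to a printf-style function as the format itself instead of as data. The C sketch below is an added example, not code from Apple, Forbes or the researchers; the function names are hypothetical. It counts the formatting directives in a network name and shows the safe logging pattern, where the format is a fixed constant.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32  /* 802.11 SSIDs are at most 32 raw bytes */

/* True if c is one of the characters in set; NUL never matches
   (strchr would otherwise match the set's terminator). */
static int in_set(unsigned char c, const char *set)
{
    return c != 0 && strchr(set, c) != NULL;
}

/* Count printf-style conversion directives in an SSID. The length is
   explicit because SSIDs are byte strings, not NUL-terminated text. */
size_t count_format_directives(const unsigned char *ssid, size_t len)
{
    size_t n = 0;
    if (len > SSID_MAX) len = SSID_MAX;
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] != '%') continue;
        if (i + 1 < len && ssid[i + 1] == '%') { i++; continue; } /* "%%" is a literal percent */
        size_t j = i + 1;
        while (j < len && in_set(ssid[j], "-+ #0123456789.*hlLjzt")) j++; /* flags, width, length */
        /* conversion characters; '@' is the object directive in Foundation format strings */
        if (j < len && in_set(ssid[j], "diouxXeEfFgGaAcspn@")) { n++; i = j; }
    }
    return n;
}

/* Hardened logging: the format is a constant and the SSID is only data.
   The vulnerable pattern would be snprintf(out, outsz, ssid_text). */
int format_ssid_log(char *out, size_t outsz, const unsigned char *ssid, size_t len)
{
    if (len > SSID_MAX) len = SSID_MAX;
    return snprintf(out, outsz, "joining network \"%.*s\"", (int)len, (const char *)ssid);
}

int main(void)
{
    const unsigned char ssid[] = "%p%s%s%s%s%n"; /* the name quoted in the article */
    char line[96];
    format_ssid_log(line, sizeof line, ssid, sizeof ssid - 1);
    printf("%s -> %zu directive(s)\n", line, count_format_directives(ssid, sizeof ssid - 1));
    return 0;
}
```

With the constant format, the name from the article is logged character for character and nothing in it is interpreted.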

Basically, the goal of the hack is to put malicious code onto handsets and even a whole network and cause damage.

Initially, iPhone users were not too wary about this since you have to connect to a WiFi network with a weird name voluntarily. Who would do that, right?


However, it appears that the hack has gotten smarter. Research from AirEye, a wireless security specialist, reveals that the hack can change its name to a regular, legitimate-looking WiFi name to trick users.

Since the attack traffic is not part of the corporate network, Firewalls, NACs and Secure WLANs do not protect against this type of attack and most traditional network security solutions remain completely oblivious to it. Attack traffic can be sent over channels that are not used for corporate network traffic. Consequently, the attack goes undetected by network security solutions and does not leave any trace in the forensics and networking logs.

Amichai Shulman, AirEye CTO

This new mode of attack can also affect MacBooks and Android, Windows, and Linux devices.

Hopefully, Apple and other manufacturers will act fast to put an end to this. For now, be careful which WiFi networks you connect to. If you can, use mobile data instead when you’re outside, and only connect to WiFi networks you’re entirely familiar with and feel safe with.

Source: Forbes
