In this episode of How Do Hackers Do Things, GraVoc Security Consultant, Josh Jenkins, demonstrates how a hacker can break an iPhone’s Wi-Fi settings by creating a rogue hotspot through an SSID access point.
Recently, a bug was found within iPhones that if activated, can prevent users from accessing their Wi-Fi settings. How this specific bug works is that when a user connects to the Wi-Fi name, %p%s%s%s%s%n, this will cause their Wi-Fi functionality to not work and ultimately break. Even after rebooting, the devices are unable to connect to any Wi-Fi networks. This can also affect other Apple devices such as iPads and iMacs.
In this video, Josh demonstrates exactly how this is done by hackers. Josh creates a fake SSID access point using the 12 characters – %p%s%s%s%s%n. Once joined, this will disallow Josh from using his Wi-Fi settings. After Josh creates and adds the new SSID access point, he jumps onto his iPhone and joins the newly added access point. Once connected, the vulnerability has been activated and Josh is now unable to use his Wi-Fi settings or change them at all.
How to Reset Network Settings on iPhone:
At 1:07 in the video, Josh demonstrates how a user can quickly fix their iPhone’s Wi-Fi settings should they fall victim to joining a hacked SSID access point such as this one. Follow the steps below to get your Wi-Fi up and running again:
- Go into Settings > General > Reset
- Click on ‘Reset Network Settings’
Doing this will delete the access point from your list and allow you to change your settings.
How to Prevent iPhone Hacks Through Rogue Hotspots:
Apple is currently in the process of creating a patch that will fix this specific vulnerability for the rogue network name %p%s%s%s%s%n. However, to prevent any sort of attack like this from happening to you in the future, it is important to not connect to any network/hotspot that you are unfamiliar with.
For businesses, it’s important to train your employees on the dangers of joining unknown networks. By performing security trainings, you can assure that your team has the skills to point out dangers and prevent attacks like these from happening. GraVoc provides Information Security services, including information security training, to businesses throughout the US to help spot vulnerabilities such as these. For more information on preventing these types of attacks, check out our Information Security Services.
How Do Hackers Do Things Series
If you enjoyed this video, make sure to check out our other How Do Hackers Do things videos for more great security videos and tips! How Do Hackers Do Things focuses on different methods of hacking that cybercriminals use to exploit their victims. Our goal is bring awareness to the vulnerabilities and hacking methods that surround our everyday lives!
The NSA Cybersecurity Guide for Remote Workers
In this blog post, we cover a few key recommendations for remote workers from the NSA guide, ‘Best Practices for Securing Your Home Network.’
GraVoc Recognized on CRN’s 2023 MSP 500 List
CRN®, a brand of The Channel Company, has named GraVoc to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2023!
The Cybersecurity Implications of ChatGPT
Is ChatGPT a security risk? In this blog post, we explore the cybersecurity implications of ChatGPT, including the benefits and challenges.