In this episode of How Do Hackers Do Things, GraVoc Security Consultant, Josh Jenkins, demonstrates how a hacker can break an iPhone’s Wi-Fi settings by creating a rogue hotspot through an SSID access point.
Recently, a bug was found within iPhones that if activated, can prevent users from accessing their Wi-Fi settings. How this specific bug works is that when a user connects to the Wi-Fi name, %p%s%s%s%s%n, this will cause their Wi-Fi functionality to not work and ultimately break. Even after rebooting, the devices are unable to connect to any Wi-Fi networks. This can also affect other Apple devices such as iPads and iMacs.
In this video, Josh demonstrates exactly how this is done by hackers. Josh creates a fake SSID access point using the 12 characters – %p%s%s%s%s%n. Once joined, this will disallow Josh from using his Wi-Fi settings. After Josh creates and adds the new SSID access point, he jumps onto his iPhone and joins the newly added access point. Once connected, the vulnerability has been activated and Josh is now unable to use his Wi-Fi settings or change them at all.
How to Reset Network Settings on iPhone:
At 1:07 in the video, Josh demonstrates how a user can quickly fix their iPhone’s Wi-Fi settings should they fall victim to joining a hacked SSID access point such as this one. Follow the steps below to get your Wi-Fi up and running again:
- Go into Settings > General > Reset
- Click on ‘Reset Network Settings’
Doing this will delete the access point from your list and allow you to change your settings.
How to Prevent iPhone Hacks Through Rogue Hotspots:
Apple is currently in the process of creating a patch that will fix this specific vulnerability for the rogue network name %p%s%s%s%s%n. However, to prevent any sort of attack like this from happening to you in the future, it is important to not connect to any network/hotspot that you are unfamiliar with.
For businesses, it’s important to train your employees on the dangers of joining unknown networks. By performing security trainings, you can assure that your team has the skills to point out dangers and prevent attacks like these from happening. GraVoc provides Information Security services, including information security training, to businesses throughout the US to help spot vulnerabilities such as these. For more information on preventing these types of attacks, check out our Information Security Services.
How Do Hackers Do Things Series
If you enjoyed this video, make sure to check out our other How Do Hackers Do things videos for more great security videos and tips! How Do Hackers Do Things focuses on different methods of hacking that cybercriminals use to exploit their victims. Our goal is bring awareness to the vulnerabilities and hacking methods that surround our everyday lives!
Related articles
Change Healthcare Attack: Ransomware Protection Measures for Healthcare Organizations
In light of the Change Healthcare attack, we explore why hackers target healthcare and how healthcare can defend against ransomware.
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.