In a blog entry titled “No iOS Zone,” mobile security research firm Skycure has laid out, in very general terms, an attack on iOS 8 gadgets that throws them into a cycle of continual restarts. They demonstrated this attack at the RSA security conference in San Francisco, using an special public WiFi network and an invalid SSL certificate. Skycure says it is currently working with Apple on a fix to this issue but meanwhile iPhone and iPad clients should hesitate to connect to any public WiFi hot spots until the flaw is fixed.
Skycure claims that the issue is related with another issue where an installed application that depends upon SSL encryption, as most do, is presented with a particular improper certificate that may cause the application to crash. This new issue, however, is a much broader issue as it affects an OS-level service – WiFi connectivity – and not a particular application. As indicated by the following video posted on YouTube, an iPhone will basically reboot again and again after having connected with a malicious network.
As is being widely reported, it is not hard to spoof existing broadly available hotspots like “attwifi” or airport public networks, and its unlikely that the normal client will have enough knowledge or forewarning in order to avoid attacks like this, so it is left up to Apple to fix this issue as fast as could. This flaw continues a troubled couple of years for Apple when it comes to security, as their rise in market share leaves them scrambling to stay in front of hackers.