An IT security specialist stumbled upon a strange bug in iOS that paralyzed the entire WLAN stack of Apple’s mobile operating system. As Carl Schou explains on Twitter, he chose the SSID for his WLAN as a test
%p%s%s%s%s%n – and as soon as his iPhone connected to it, the smartphone’s WiFi component could no longer be activated. Only resetting the WLAN settings provided a remedy, so that all stored networks are deleted. The bug in iOS is probably harmless and cannot be misused.
All WiFi network functions of the iPhone blocked
As soon as Schou connected his iPhone to this special network, the smartphone generally refused any WLAN activity and no longer connected to any other known network. Even changing the SSID of the test network did not change anything – apparently the iPhone failed to process the internally stored SSID. System-wide network functions such as AirDrop also no longer worked, even restarting the device did not change anything, reports MacRumors.
Schou, who runs the security blog secret.club, does not specify how he came across the error or under what circumstances. For example, he does not name the iOS version used – one can only assume that it is the current version 14 (current status 14.6). It is also unclear whether the error also occurs on an iPad. The sequence of characters used by Schou does not contain any characters that are not permitted in an SSID.
Probably iOS stumbles upon format string
The exact cause of the malfunction in iOS is not known, but the characters used for the SSID provide a hint: The sequence ‘%[Buchstabe]’Some programming languages use a format string. The exploitation of a security gap by a so-called format string attack has been known since 1999: An attacker takes advantage of the negligence of the software to process external data unfiltered and to interpret it elsewhere as an instruction.
Apparently that is also the case here. Inspired by the discovery by Schou, another specialist in IT security and reverse engineering investigated the behavior of iOS and presented his discoveries on his blog chichou.me. The SSID is processed as a format string and passed on to a WiFi component, which then causes a buffer overflow. The process control in iOS therefore terminates the component – which has the visible consequence that WLAN can no longer be activated on the iPhone. One way out is to delete all network settings in the Settings app: “General”, “Reset”, “Network settings”.
The blogger behind chichou.me, CodeColorist, also suspects that the error cannot be maliciously exploited. No parameters could be checked via the SSID character string. On Twitter, a user also indicated that the bug could not be recreated on an older Android smartphone that was spontaneously tested.