A security researcher has found that connecting an iPhone to Wi-Fi networks with certain names can disable the iPhone's Wi-Fi support permanently. Well, for now.
Secret Club founder Carl Schou recently revealed that connecting an iPhone to a network with the SSID “%p%s%s%s%s%n” triggers a bug in iOS’ networking stack that disables the phone’s Wi-Fi and networking features.
The effect was initially feared to be permanent, but it can be fixed by resetting the iPhone’s network settings.
The researcher has now found a problem that appears even worse than the previous discovery. With this new bug, he says that just coming within range of a public Wi-Fi network named “%secretclub%power” can result in the same issues as before, and the problems may persist even after the network settings have been reset.
Seriously, I still don’t have WiFi pic.twitter.com/AaF9IQBvCp
— Carl Schou (@vm_call) July 4, 2021
To fix this second problem and restore Wi-Fi functionality, you have to manually edit an iPhone backup and remove the malicious entries from the known networks .plist.
Thanks to @pieceofsummer and @wr3nchsr I now have WiFi again. To restore WiFi functionality, you have to manually edit an iPhone backup and remove malicious entries from the known networks .plist
— Carl Schou (@vm_call) July 4, 2021
The ‘%[character]’ syntax is commonly used in programming languages to format variables into an output string. In C, the ‘%n’ specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.
-9To5Mac:
We can expect more damaging SSID names with the ‘%s’, ‘%p’, and ‘%n’ character sequences to be discovered before Apple finds a fix.
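The pattern the quoted explanation describes, as an added C example that is not from the article, 9To5Mac or Apple: the function names, the log message and the third sample SSID are hypothetical, and the SSID is assumed to be a NUL-terminated string. It passes the SSID as data to a constant format string and counts the printf-style directives in a name, for instance to flag entries in a saved-networks list.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (shown only as a comment, never compiled):
 *     snprintf(out, outlen, ssid);     // the SSID becomes the format string
 * With "%p%s%s%s%s%n" the formatter reads arguments that were never passed
 * and, at %n, writes through one of them. */

/* Safe pattern: constant format string, SSID passed as data.
 * Returns the length of the full message (snprintf semantics). */
int log_ssid_safe(char *out, size_t outlen, const char *ssid)
{
    return snprintf(out, outlen, "joining network \"%s\"", ssid);
}

/* Count printf-style directives in an SSID. "%%" is a literal percent sign
 * and is skipped; a '%' followed by anything else (or ending the name)
 * counts as one directive. */
int count_format_directives(const char *ssid)
{
    int n = 0;
    for (size_t i = 0; ssid[i] != '\0'; i++) {
        if (ssid[i] != '%')
            continue;
        if (ssid[i + 1] == '%') {       /* escaped percent, not a directive */
            i++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* The two SSIDs named in the article plus one constructed benign name. */
    const char *samples[] = { "%p%s%s%s%s%n", "%secretclub%power",
                              "CoffeeShop 100%%" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        log_ssid_safe(line, sizeof line, samples[i]);
        printf("%-40s directives=%d\n", line,
               count_format_directives(samples[i]));
    }
    return 0;
}
```

The safe logger prints the SSID byte for byte, so the directive count is only a triage signal; the fix itself is never letting the name reach the format-string position.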