Why You Should Stop Using This “Dangerous” Wi-Fi Setting On Your iPhone




So, Apple has fixed its dangerous and embarrassing Wi-Fi problem. iOS 14.7 added “enhanced controls,” Apple says, to prevent its devices from “joining a rogue Wi-Fi network [that] can cause a denial of service or the execution of arbitrary code.” But beware, iOS 14.7 does not protect you from Wi-Fi attacks. Far from it.

Apple devices are generally safer and more secure than the alternatives. Usually. But that doesn’t mean your iPhone, iPad, and Mac are secure. We’ve seen many iPhone vulnerabilities fixed in recent months with emergency fixes, and this week we’ve seen a stern warning about “very malicious” malware now attacking Macs.

Apple’s recent Wi-Fi security issue was a crafted-SSID bug, where a combination of characters can cause the iPhone to treat the SSID as a passcode, thus locking out its Wi-Fi function. It is unclear whether it could be used to attack the device itself but, either way, this is a specific vulnerability that Apple fixed in iOS 14.7.

We’ve seen similar issues before with so-called text bombs, where crafted strings of text can overwhelm an Apple device, triggering unexpected behaviors. These attacks usually require a simple reset, although we’ve seen examples where the text can never be processed in your chat history, which means deleting and reinstalling the messaging app. Prior to the fix, the latest Wi-Fi issue also required a reset.

The risk with all of these bugs is that once you force a device into an unusual state, you can often chain it with another exploit to attack the device, such as crashing seemingly harmless code that then downloads and installs more malicious software.

Although the latest flaw is technical, you only run a risk if you leave your Wi-Fi settings open. Otherwise, you would have to manually choose a Wi-Fi network with a strange name. You might have assumed that you were unlikely to fall for such an attack, but many of you will still have your Wi-Fi settings dangerously open. And while this particular flaw was aimed at tricking your phone, most Wi-Fi attacks are simply aimed at tricking you.

Connectivity attacks on mobile devices can have multiple purposes. The simplest is clearly just to intercept your traffic. That doesn’t help where the traffic is encrypted, but it can be compromising with plain text and web requests. Sometimes a security agency may not need the traffic, just a device ID and a known location: which protesters showed up at that location on that date, or where was that lawyer at that time?

Beyond this, we have seen examples where knocking individuals “out of communications” at specific times is valuable to an adversary. If I can block a protest group’s WhatsApp accounts, I can thwart their planning. Or if I can create a black spot while making devices appear to be connected, I can keep those targets dark.

Other attacks focus on implanting malware on the device once it has joined, perhaps by presenting some form of user interaction as part of the network connection process that actually attacks the device itself, with no filtering in place.

But where those risks involve Wi-Fi connectivity, they start with a stupidly simple vulnerability that’s right there on your iPhone, and some wise advice you shouldn’t ignore. Change the setting and follow the advice, and you won’t have to worry about being compromised in this way.

Let’s start with the tips. Don’t use public Wi-Fi hotspots, and if you really must, be sure to use a reputable VPN. It’s always that easy.

Sometimes an access point can be a malicious network with a generic name, “Free public Wi-Fi” or similar. But bad actors can also mimic popular or specific SSIDs, the names of the hotel, restaurant, or airport you’re in, for example. “Criminals can carry out an ‘evil twin attack’ by creating their own malicious network with a similar name,” the FBI warns, then you can “mistakenly connect to the criminal’s network instead.”

You shouldn’t join public Wi-Fi networks, even manually, but you should absolutely, categorically, prevent your phone from joining these networks automatically without you even realizing it, which is most likely how it is configured right now.

“I would avoid automatically joining a public network,” warned security researcher Sean Wright. “Since they are public and open, it is too easy to tamper with them. [Your iPhone] sends probes for the access points to which it tries to connect, so [an attacker] can set up hotspots with those SSIDs. Nothing more than a cell phone is needed. I was in a hotel lobby, set up my ‘free’ hotspot, and connected five devices within minutes.”

Bad actors can imitate the exact name of a popular hotspot, prompting you to connect manually even when automatic connection is disabled. Worse yet, they can mimic popular SSIDs, hoping you’ve used those networks before and your iPhone is set to join them when it sees them. “I once saw a Starbucks and a Subway Wi-Fi hotspot fly from Newark to Vegas at 35,000 feet,” Ian Thornton-Trump, head of ISO Cyjax, told me.
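To make the auto-join risk described above concrete, here is an added example (not part of the original article) that audits a list of saved networks against a Wi-Fi scan and flags the cases an evil twin relies on. The `SavedNetwork` and `Beacon` classes, the network names and the addresses are all constructed for illustration; it assumes a device matches a saved profile on network name and security type only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SavedNetwork:      # hypothetical model of a remembered network profile
    ssid: str
    security: str        # "open", "wpa2-psk", ...
    auto_join: bool

@dataclass(frozen=True)
class Beacon:            # hypothetical model of one access point seen in a scan
    ssid: str
    bssid: str
    security: str

def spoofable_by_name(saved):
    """Saved profiles any access point can match just by using the same name."""
    return sorted(n.ssid for n in saved if n.auto_join and n.security == "open")

def audit_scan(saved, beacons, trusted_bssids):
    """Return (ssid, bssid, reason) for beacons that reuse a saved network name."""
    profiles = {n.ssid: n for n in saved}
    findings = []
    for b in beacons:
        prof = profiles.get(b.ssid)
        if prof is None:
            continue                      # not a name this device remembers
        if prof.security != "open" and b.security == "open":
            findings.append((b.ssid, b.bssid, "security-downgrade"))
        elif prof.security == "open" and prof.auto_join:
            findings.append((b.ssid, b.bssid, "would-auto-join-unauthenticated"))
        elif b.bssid not in trusted_bssids.get(b.ssid, {b.bssid}):
            # A BSSID can be copied too, so a match is a hint, not proof.
            findings.append((b.ssid, b.bssid, "unknown-bssid"))
    return findings

# Constructed sample data: three remembered networks and one scan.
SAVED = [SavedNetwork("HomeNet", "wpa2-psk", True),
         SavedNetwork("Hotel_Lobby_Free", "open", True),
         SavedNetwork("CoffeeShop", "open", False)]
TRUSTED = {"HomeNet": {"02:00:00:aa:00:01"}}
BEACONS = [Beacon("HomeNet", "02:00:00:aa:00:01", "wpa2-psk"),
           Beacon("HomeNet", "02:00:00:bb:00:09", "open"),
           Beacon("Hotel_Lobby_Free", "02:00:00:cc:00:05", "open"),
           Beacon("CoffeeShop", "02:00:00:dd:00:07", "open"),
           Beacon("SomeoneElse", "02:00:00:ee:00:03", "open")]

if __name__ == "__main__":
    print("Matchable by name alone:", spoofable_by_name(SAVED))
    for finding in audit_scan(SAVED, BEACONS, TRUSTED):
        print(finding)
```

The open network with auto-join enabled is flagged whoever is broadcasting it, because nothing in an open network lets the device tell the real access point from a copy.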

The easiest option is to stick to cellular when you are on the move, when you are not at home or at work or in other known “friendly” places. While it is perfectly possible to spoof a cellular network, this falls within the realm of specialized and expensive interception.

However, it’s easy to keep yourself safe and if you change these settings, Wi-Fi issues like the most recent iPhone warning can’t get in your way.

In your iPhone settings, tap Wi-Fi, then make sure “Ask to Join Networks” and “Auto-Join Hotspot” are both set to “Ask” / “Ask to Join.”

If you do not have multiple networks stored by your device beyond home and work, you can set “Ask to Join Networks” to “Off” or “Notify” to avoid having to tap when you are at home or at work, but you must tap the blue-circled “i” next to any other network you connect to and turn off “Auto-Join.” You shouldn’t automatically connect to your local cafe’s Wi-Fi, as convenient as that may be.

Regarding this latest bug and the resulting fix, Thornton-Trump has a broader caveat. “My assertion is that it is not a safety issue,” he tells me. “I think this is legacy code from 5, 10, or 15 years ago that just can’t stand up to the current generation of reverse engineering and malicious hacking … Vendors seem to be in a constant battle to secure and the pace of this battle has increased dramatically.”

“Although this bug has been fixed,” agrees Jake Moore of ESET, “like all exploits, their very nature means that they remain unknown until they are located and, therefore, caution towards all connectivity must be exercised. Public Wi-Fi is often considered safe with the use of a VPN, but this may not always protect you against malicious Wi-Fi, so it’s important to check first or stick to 4G / 5G if in doubt.”

Protecting yourself from almost any Wi-Fi compromise is as easy as the steps above. Until hotspot certification and anti-spoofing become universal, the trade-off between security and convenience means you need to be careful.
