In this episode of How Do Hackers Do Things, GraVoc Security Consultant, Josh Jenkins, demonstrates how a hacker can break an iPhone’s Wi-Fi settings by creating a rogue hotspot through an SSID access point.
Recently, a bug was found within iPhones that if activated, can prevent users from accessing their Wi-Fi settings. How this specific bug works is that when a user connects to the Wi-Fi name, %p%s%s%s%s%n, this will cause their Wi-Fi functionality to not work and ultimately break. Even after rebooting, the devices are unable to connect to any Wi-Fi networks. This can also affect other Apple devices such as iPads and iMacs.
In this video, Josh demonstrates exactly how this is done by hackers. Josh creates a fake SSID access point using the 12 characters – %p%s%s%s%s%n. Once joined, this will disallow Josh from using his Wi-Fi settings. After Josh creates and adds the new SSID access point, he jumps onto his iPhone and joins the newly added access point. Once connected, the vulnerability has been activated and Josh is now unable to use his Wi-Fi settings or change them at all.
How to Reset Network Settings on iPhone:
At 1:07 in the video, Josh demonstrates how a user can quickly fix their iPhone’s Wi-Fi settings should they fall victim to joining a hacked SSID access point such as this one. Follow the steps below to get your Wi-Fi up and running again:
- Go into Settings > General > Reset
- Click on ‘Reset Network Settings’
Doing this will delete the access point from your list and allow you to change your settings.
How to Prevent iPhone Hacks Through Rogue Hotspots:
Apple is currently in the process of creating a patch that will fix this specific vulnerability for the rogue network name %p%s%s%s%s%n. However, to prevent any sort of attack like this from happening to you in the future, it is important to not connect to any network/hotspot that you are unfamiliar with.
For businesses, it’s important to train your employees on the dangers of joining unknown networks. By performing security trainings, you can assure that your team has the skills to point out dangers and prevent attacks like these from happening. GraVoc provides Information Security services, including information security training, to businesses throughout the US to help spot vulnerabilities such as these. For more information on preventing these types of attacks, check out our Information Security Services.
How Do Hackers Do Things Series
If you enjoyed this video, make sure to check out our other How Do Hackers Do things videos for more great security videos and tips! How Do Hackers Do Things focuses on different methods of hacking that cybercriminals use to exploit their victims. Our goal is bring awareness to the vulnerabilities and hacking methods that surround our everyday lives!
We’re thrilled to announce our new cybersecurity partnership with Gray, Gray & Gray, a leading independent accounting & consulting firm located in Canton, MA!
In this blog & video, we explore data compliance in cybersecurity & why it’s important for businesses to develop their own compliance program.
GraVoc’s Nate Gravel and Mike Kannan will be presenting at this year’s BankWorld on the importance of adversary simulation exercises.