Dubbed WifiDemon by researchers; the attack required the victim’s wifi to be set on auto-join which is by default in iPhones.
Just about a month ago, a bug was discovered in Apple’s iPhone devices that disabled the phone’s Wi-Fi functionality if it connected to a personal hotspot with a specific SSID containing a special character. It affected iOS 14 through 14.6, and users were unable to use Wi-Fi even after renaming the hotspot or restarting the phone.
Resetting the network settings made Wi-Fi work again. The issue was initially classified as a Denial-of-Service (DoS) problem; it now turns out there was more to the bug, making it a full-blown vulnerability.
Researchers from a startup called ZecOps have found that the bug could be used by attackers to remotely execute code (an RCE attack) without any user action, making it a zero-click attack.
Exploring the technical side, the researchers explain:
“wifid is a system daemon that handles the protocols associated with WIFI connections. wifid runs as root. Most of the handling functions are defined in the CoreWiFi framework, and these services are not accessible from within the sandbox. wifid is a sensitive daemon that may lead to whole system compromise.”
The consequence could be that malware is installed on a user’s device, allowing attackers to spy on them and steal their data.
Apple has released a patch for iOS 14.4, but 14.6 remains vulnerable, which means those users are still at risk. We do not know when Apple may release a patch for them as well; therefore, it is highly recommended that they disable the auto-join Wi-Fi feature immediately and avoid joining unknown Wi-Fi networks, especially in public places.
The researchers explain in a blog post:
“The iPhone scans for WiFi to join every ~3 seconds while the user is actively using the phone. Furthermore, even if the user’s phone screen has been turned off, it still scans for WiFi but at a relatively lower frequency. The waiting time for the following scan will be longer and longer, from ~10 seconds to 1+ minute.”
To conclude, we have yet to see when Apple will release the next patch. It may come in the next iOS update, but there is no confirmation. Until then, everyone should keep the above precautions in mind or risk being compromised.