
Fake hotspot on a Raspberry Pi bricks iPads on older iOS versions

Disclaimer: this information is published for educational purposes only and not for practical use.

As you may know, two months ago a dangerous bug was found in iOS: if the date is set to January 1, 1970, the device fails for an unknown reason.

Apple fixed the vulnerability in iOS 9.3.1, so researchers now consider it fair to publish practical write-ups on how it can be exploited. One of the methods is striking in its simplicity and destructiveness: it automates bricking someone else's device, or even many devices at once.

The mass attack on nearby devices relies on the fact that they regularly contact an NTP server to synchronize their clocks.

Starting to guess?

Security experts Patrick Kelly and Matt Harrigan conducted an experiment and were able to disable nearby tablets running older iOS versions fairly easily (the method is simple for the iPad and harder for the iPhone; more on that below).

iOS devices automatically connect to “known” Wi-Fi hotspots, where “known” means one whose name is stored in the device’s memory. In practice, many hotspot names are easy to guess. For example, knowing the name of a restaurant's hotspot, an attacker can target that restaurant's visitors.

To target a specific victim, it is enough to learn the name of their home hotspot or of the access point at a place (cafe, restaurant) they visit.

All that is required is to set up a fake hotspot with that identifier and intercept requests to time.apple.com using dnsmasq.



The photo shows the fake Wi-Fi hotspot, built on a Raspberry Pi with an Alfa antenna. The total cost of the equipment does not exceed $120.

The result? Once the hotspot is up, all vulnerable iPads within range begin to slow down and malfunction. The user reboots, after which the tablets heat up rapidly; in the experiment the authors recorded an iPad temperature of 54 °C. The whole process takes 15-20 minutes.

An interesting side effect: after the date changes, almost all web traffic on the device stops working, which only encourages the victim to restart the iPad.
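The attack works because the tablet adopts whatever time the reply to its time.apple.com request reports. As an added illustration that is not part of the original post, the Python below parses the Transmit Timestamp of an NTP reply and applies the plausibility floor a hardened client could enforce before touching the system clock; the sample packets, the floor date and the function names are constructed here.

```python
import struct
from datetime import datetime, timedelta, timezone

# NTP timestamps count seconds since 1900-01-01 UTC as a 32.32 fixed-point number.
NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)

# Assumption: a hardened client refuses any server time earlier than this floor
# (for example, its own firmware build date). The date here is constructed.
PLAUSIBLE_FLOOR = datetime(2016, 1, 1, tzinfo=timezone.utc)


def parse_transmit_timestamp(packet: bytes) -> datetime:
    """Return the Transmit Timestamp (bytes 40-47) of a 48-byte NTP reply as UTC."""
    if len(packet) < 48:
        raise ValueError("NTP packet too short")
    secs, frac = struct.unpack("!II", packet[40:48])
    return NTP_EPOCH + timedelta(seconds=secs + frac / 2**32)


def is_plausible(server_time: datetime, floor: datetime = PLAUSIBLE_FLOOR) -> bool:
    """Plausibility check: reject replies that would roll the clock back before the floor."""
    return server_time >= floor


def check_reply(packet: bytes):
    """Parse a reply and report (server_time, accepted) without touching the clock."""
    server_time = parse_transmit_timestamp(packet)
    return server_time, is_plausible(server_time)


def build_sample_reply(server_time: datetime) -> bytes:
    """Constructed sample: a minimal server-mode reply (LI=0, VN=3, Mode=4)
    whose Transmit Timestamp is server_time. Used only to exercise the check."""
    secs = int((server_time - NTP_EPOCH).total_seconds())
    pkt = bytearray(48)
    pkt[0] = (0 << 6) | (3 << 3) | 4
    pkt[40:48] = struct.pack("!II", secs, 0)
    return bytes(pkt)


if __name__ == "__main__":
    honest = build_sample_reply(datetime(2016, 4, 20, 12, 0, tzinfo=timezone.utc))
    spoofed = build_sample_reply(datetime(1970, 1, 1, tzinfo=timezone.utc))  # the 1970 date
    for name, pkt in (("honest", honest), ("spoofed", spoofed)):
        t, ok = check_reply(pkt)
        print(f"{name}: server says {t.isoformat()} -> {'accept' if ok else 'REJECT'}")
```

A real client would additionally compare the reply against its current clock and the cellular time source rather than trusting a single unauthenticated UDP reply.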



The method works against all 64-bit devices running iOS 9.3 and below. Note that, unlike the iPad, iPhones get the date from the cellular (GSM) network, so for them a GSM network would also have to be emulated with the OpenBTS software.

Conclusion: owners of devices running older versions of iOS should definitely update to 9.3.1.

Source: https://habr.com/ru/post/392989/
