Apple products like iPads are designed to automatically connect to wireless networks they have connected before. They go for it with a comparably weak level of authentication.

“If you connect to a network named “Hotspot” once, going forward your device may automatically connect to any open network that also happens to be called “Hotspot.”

    “For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.

    From an attacker’s perspective, this is a golden opportunity. Why? He only needs to advertise a fake open network called “attwifi” at a spot where large numbers of computer users are known to congregate. Using specialized hardware to amplify his Wi-Fi signal, he can force many users to connect to his (evil) “attwifi” hotspot. From there, he can attempt to inspect, modify or redirect any network traffic for any iPads or other devices that unwittingly connect to his evil network.”

Once the device gets connected to the malicious network, the device is then configured to draw its NTP updates from a compromised server, which sets the time and date as January 1, 1970, you might be aware that what happens next after setting the said date in iOS devices.

“The iPads that were brought within range of the test (evil) network rebooted, and began to slowly self-destruct. It’s not clear why they do this, but here’s one possible explanation: Most applications on an iPad are configured to use security certificates that encrypt data transmitted to and from the user’s device. Those encryption certificates stop working correctly if the system time and date on the user’s mobile is set to a year that predates the certificate’s issuance.”

Fortunately we can get rid of this problem by simply updating the iOS build to version 9.3.1 or newer. Your device will remain at risk of getting remotely bricked if you don’t do it.
Axact

Author

My name is Dave, Am a cool IT Geek, computer analyst and a tutor. I do alot of computer stuffs like programming, web development, blogging, data administrator, computer security and lots more. Feel free to contact me if want more informations and tutorials.

Post A Comment:

0 comments: