A few weeks ago, on his Twitter account, the developer Carl Shou flagged up a serious error relating to Wi-Fi networks on iOS, Apple’s operating system for iPhones. It connects to a network with an SSID (Service Set Identifier) called “%p%s%s%s%s%n”. Once this bug gets in, it disables the device’s Wi-Fi, preventing it from joining any other network.
There is a partial remedy, as you can reset the default network settings on the device (in Settings > General > Reset > Reset Network Settings), but it is far from the ideal solution for users, as it means starting from scratch. The device won’t remember any networks, and users will have to re-enter passwords on closed Wi-Fi networks. Fortunately, Apple Insider has revealed that the iOS 14.7 beta for developers includes a patch that fixes the bug, although it’s not clear when this patch will be available to all users.
Apart from the inconvenience to users, analysts at Threat Post believe it could show hackers how to execute wireless cyberattacks. In fact, CodeColorist calls the bug an “Uncontrolled Format String”: a type of vulnerability that exploits functions that generate formatted text in programming code. In this case, the iOS operating system erroneously "reads" the "%" characters of the SSID of the Wi-Fi network as if they were commands for the code generating the error.
Experts see such bugs as a frequent and widespread problem for app developers, but just how dangerous are they? The bug discovered by Shou does not seem that harmful per se, since it can only occur if the user connects to a network with that particular SSID and the consequences don’t go beyond device misconfiguration. However, they warn that it could unlock opportunities for cyberattackers to exploit.
One scenario they pose is that a Wi-Fi Access Point (AP) actually constitutes a hoax and redirects to a Wi-Fi network with an SSID that manages to trigger other types of vulnerabilities in devices not yet discovered. Hackers would then combine these vulnerabilities with an "Evil Twin." As we explained previously in the blog, this type of Wi-Fi threat mimics a legitimate AP and if its victim falls prey to this ruse, cybercriminals can then intercept their data or even load malware onto their devices.
Trusted wireless environments
To avoid such bugs, which could provide a future attack vector for actors, users should be wary of connecting their devices to wireless networks with questionable SSIDs. But as cyberattacks using "evil twins" have taught us, this trait can become falsifiable, so we need to take other measures.
On the other hand, ensuring the device operating system is updated to the latest version will also prevent exploitation of vulnerabilities in many cases, although as with the iOS bug, updates may take time to include the patches that solve them.
This is why users should always connect under a Trusted Wireless Environment, in other words, a framework in which a complete Wi-Fi network is developed that is fast, easy to manage and, above all, secure. In this sense, Watchguard’s Cloud-Managed Solutions for Wi-Fi assure MSPs that their organizations provide this secure space and provide absolute visibility for all network activity. Any anomalies or suspicious activity will be detected quickly, and this will safeguard user devices, ranging from laptops to iPhones, and reduce the chances of Wi-Fi networks compromising businesses.