WIFI Connection This string of garbled characters can destroy the Phone’s wireless function

Reverse engineer Carl Schou had a problem connecting to a personal WiFi hotspot named %p%s% S % S % N. Schou found that the Wi-Fi function on his phone was disabled as soon as he connected to the hotspot. With each attempt to turn it on, the WiFi function was immediately disabled, and restarting the device or changing the hotspot name was not an option.

The iPhone has a WiFi bug that allows you to disable your iPhone’s wireless function by simply connecting to a specific WiFi hotspot.

Last week, reverse engineer Carl Schou had a problem connecting to a personal WiFi hotspot called %p%s% S % S % N. Schou found that the Wi-Fi function on his phone was disabled as soon as he connected to the hotspot. With each attempt to turn it on, the WiFi function was immediately disabled, and restarting the device or changing the hotspot name was not an option.

Vulnerability emersion

Schou said he discovered the problem on the iPhone XS, which was running iOS 14.4.2. BleepingComputer researchers also confirmed the strange WiFi network problem on iphones running iOS 14.6.

Add a wireless network with an SSID of %p%s% S % S % N

In multiple tests, the researchers found that after trying to connect to a strange SSID, the WiFi Settings started to work incorrectly, causing problems with the iPhone’s wireless connection. In some tests, the connection to the SSID failed, but also failed to connect to the normal wireless network.

IPhone WiFi bug: WiFi function can be damaged when connected to certain WiFi. WiFi function is affected when connected to SSID

The potential risk is significant because a malicious attacker could plant a malicious WiFi hotspot in a public area to disrupt iPhone devices connected to the hotspot.

Some users tried to reproduce the vulnerability on Android devices, but found that the vulnerability did not reproduce on Android devices, indicating that the vulnerability does not affect Android devices.

Could be a string format vulnerability

Some researchers say the vulnerability may be caused by the output string analysis process. When a WiFi hotspot name contains a string containing “%”, iOS may erroneously translate the letter following “%” as a string format specifier.

In C and C-like languages, string format specifiers have a special meaning, and the language compiler processes them as variable names or commands, rather than as text.

For example, the following printf command does not actually print the “%n” character, but saves the 10 characters before %n into the variable c. %n” is just a format specifier, not a real text string.

printf("geeks for %ngeeks ", &c); 
Copy the code

How to respond?

While rebooting the device won’t solve the problem, it can be solved by resetting the device’s iPhone network Settings. The specific way is:

Go to iPhone Settings and select General. Then select Reset under General; You then enter the reset screen, where you can choose to reset different iOS features or to reset the device. Then vent reset network Settings can reset the network Settings.