The real question is why would iOS do anything with the SSID? It's a 'string'. If iOS is choking on it, it shouldn't be looking at it as filet mignon! (Bad analogy warning?) It's like eating the wrapper your hamburger came in. Come on Apple...
Probably somebody wrote something analogous to "NSLog(string)" when, of course, the correct thing to do is "NSLog(@"%@", string)".
 
Absolutely. This should be fixed according to the severity, ease of invocation, amount of damage etc.

Granted, but what worries me most is that this class of bugs is well known and should not pass undetected by basic static checks. It's important for Apple to fix the issue but IMHO far more important to figure out how such an issue managed to get into the final product.
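The two posts above describe the bug pattern (an untrusted SSID passed as the format argument, as in NSLog(string)) and note that basic static checks catch it. The following C program is an added example written for this thread; it is not code from the forum, from the researcher, or from Apple. It uses C's printf family to stand in for the Objective-C NSLog pattern, embeds constructed sample SSIDs (no real network names), and shows three things: a directive counter of the kind a simple static check performs, a detector for the "%n" directive that the thread's SSID ends with, and the hardened logging call that passes the SSID as an argument to a fixed format. Compilers flag the vulnerable form at build time with `-Wformat-security` (GCC and Clang), which is the "basic static check" the post refers to.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample SSIDs for this example; none are real networks. */
static const char *const kSampleSsids[] = {
    "HomeNetwork",
    "%p%s%s%s%s%n",        /* the pattern discussed in the thread */
    "100%% legit wifi",    /* "%%" is a literal percent sign, not a directive */
    "CoffeeShop-5G",
};

/* Count printf-style conversion directives in an SSID. "%%" is a literal
 * percent and is not counted. A non-zero result means the string must
 * never be used as a format argument. */
int count_format_directives(const char *ssid) {
    int count = 0;
    for (const char *p = ssid; *p != '\0'; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent */
        count++;
    }
    return count;
}

/* True when the SSID contains a "%n" directive, the one conversion that
 * writes to memory instead of reading from it. Flags, width, precision
 * and length modifiers between '%' and the conversion letter are skipped. */
bool contains_write_directive(const char *ssid) {
    for (const char *p = ssid; *p != '\0'; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;               /* escaped percent */
        while (*p != '\0' && strchr("-+ #0123456789.*hlLqjzt", *p) != NULL) p++;
        if (*p == 'n') return true;
        if (*p == '\0') break;                 /* stray '%' at end of string */
    }
    return false;
}

/* Vulnerable pattern, shown for contrast only and never called here:
 *     NSLog(ssidFromBeacon);   // Objective-C
 *     printf(ssidFromBeacon);  // C equivalent
 * The SSID becomes the format, so its '%' directives are interpreted. */

/* Hardened pattern: a fixed format and the SSID as a plain argument.
 * Writes the log line into buf and returns the length snprintf reports. */
int log_ssid_safely(char *buf, size_t buflen, const char *ssid) {
    return snprintf(buf, buflen, "joined network \"%s\"", ssid);
}

int main(void) {
    char line[128];
    size_t n = sizeof kSampleSsids / sizeof kSampleSsids[0];
    for (size_t i = 0; i < n; i++) {
        const char *ssid = kSampleSsids[i];
        log_ssid_safely(line, sizeof line, ssid);
        printf("%s  [directives=%d, has %%n=%s]\n", line,
               count_format_directives(ssid),
               contains_write_directive(ssid) ? "yes" : "no");
    }
    return 0;
}
```

The point of the safe call is that the format string is a compile-time constant, so the SSID's percent signs are copied verbatim; the counter and the "%n" detector are only useful as a review aid, since the real fix is never to let an external string reach the format parameter in the first place.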
 
Serious question: how do you even come up with an SSID like "%p%s%s%s%s%n" and then discover it causes an issue, and why would it?
My guess is it wasn't exactly "%p%s%s%s%s%n", but rather someone trying to make their SSID look cool with special characters.

Maybe something like "%%SSss Miles Place ssSS%%" but in a combination that sets off the bug. Some iPhones got brought in for service that had the problem, and the people at the service place got curious and investigated further. Eventually it got out to the security community.

There's hundreds of millions of people out there; you're going to come across odd situations like this purely by chance.
 
1. I found that since the last iOS updates, the network name "default" causes networks to be classified as unreliable, and access from iOS is aborted at irregular intervals.
Even resetting the network settings does not change anything; you are forced to use a more "specific" SSID. There is probably a blacklist that Apple is using.
Why and who generates such a blacklist (ostensibly for security reasons) remains unclear.
Perhaps the assignment/location of an iPhone is made somewhat more difficult by often-used non-specific names.

Has anyone read any reports on this?

2. In general, I find it highly critical that a network name can trigger specific functions on base level on an iPhone, be it a network crash or a "permanently disabled."
After all, really bad things would be conceivable. Apple should comment on this feature.

3. Is it [...] illegal to collect WiFi network information?
Google: 'We do not believe it is illegal--this is all publicly broadcast information which is accessible to anyone with a WiFi-enabled device.'
Distinguishable SSID are very important for many services.
[https://europe.googleblog.com/2010/04/data-collected-by-google-cars.html]
 
Granted, but what worries me most is that this class of bugs is well known and should not pass undetected by basic static checks. It's important for Apple to fix the issue but IMHO far more important to figure out how such an issue managed to get into the final product.
No amount of regression testing, automated and manual, will catch every oddball edge case. If it were easy Microsoft would have a bug-free product. But it’s not easy.

There will always be bugs. Hopefully Apple has a sufficiently sophisticated regression testing process whereby the process finds the zero-day vulnerabilities. These types of bugs don’t worry me…as long as they don’t turn into zero-day vulnerabilities.
 
No amount of regression testing, automated and manual, will catch every oddball edge case. If it were easy Microsoft would have a bug-free product. But it’s not easy.

This is not an oddball edge case though: it actually belongs to a well known class of vulnerabilities. As example, the paper I cited before is 30 years old.
 
This is not an oddball edge case though: it actually belongs to a well known class of vulnerabilities. As example, the paper I cited before is 30 years old.
Pretty much an edge case as who would put those characters into the router as a real SSID? It took until June 2021 since the beginning of time to find it…it’s an edge case.
 
The real question is why would iOS do anything with the SSID? It's a 'string'. If iOS is choking on it, it shouldn't be looking at it as filet mignon! (Bad analogy warning?) It's like eating the wrapper your hamburger came in. Come on Apple...
It's probably saving it into a database. Thus, they are likely sanitizing these kind of inputs, to prevent SQL injection attacks.
 
People never cease to amaze me. Honestly, who would even think to do that in a WiFi network's name? I don’t have the passion for things like that as I’ve gotten older. When I was a kid, a teenager and even into my early twenties I loved to tinker, explore, tear down my PC and put it back together. I built every desktop I owned after my first two computers. Then as I got into my twenties and found myself working in IT it became work, I wanted a computing platform that just worked and that happened to correspond with the release of the first Windows compatible iPod. I bought it, loved it, bought the first iPhone that was released and bought my first Mac when the Mac Mini was first released. I’ve been using Macs and almost anything Apple ever since then precisely because I don’t have to tinker.

The overwhelming majority of the time it just works. I had some issues getting Boot Camp going on my 2017 27” iMac. I think it was due to my dumb decision to go for a 1TB fusion drive versus a 512 GB SSD but for whatever reason I’ve always had a thing about owning my music and movies and wanting local copies of my digital media. What can I say? I was born in 1981. Physical media and having digital copies of files has meaning to me. Streaming is great but I’m not working for the rest of my life to get nickel-and-dimed by streaming and other SaaS solutions. At some point I’ll be on a budget and will want to own my library of music and movies and not rely on streaming and monthly fee after monthly fee for the stuff I really love.
 
The bigger fish may be that this is exploitable in some other way, since clearly there is something wrong with the wifi network name handling.
For example, a mobile WLAN access point can send its SSID beacons every 100 ms, triggering reactions on iPhones. This documented case in base level device response is certainly one of the harmless ones. I think a whole new critical discussion must arise here, especially with Apple.
 
People never cease to amaze me. Honestly, who would even think to do that in a WiFi network's name? I don’t have the passion for things like that as I’ve gotten older. When I was a kid, a teenager and even into my early twenties I loved to tinker, explore, tear down my PC and put it back together. I built every desktop I owned after my first two computers. Then as I got into my twenties and found myself working in IT it became work, I wanted a computing platform that just worked and that happened to correspond with the release of the first Windows compatible iPod. I bought it, loved it, bought the first iPhone that was released and bought my first Mac when the Mac Mini was first released. I’ve been using Macs and almost anything Apple ever since then precisely because I don’t have to tinker.

The overwhelming majority of the time it just works. I had some issues getting Boot Camp going on my 2017 27” iMac. I think it was due to my dumb decision to go for a 1TB fusion drive versus a 512 GB SSD but for whatever reason I’ve always had a thing about owning my music and movies and wanting local copies of my digital media. What can I say? I was born in 1981. Physical media and having digital copies of files has meaning to me. Streaming is great but I’m not working for the rest of my life to get nickel-and-dimed by streaming and other SaaS solutions. At some point I’ll be on a budget and will want to own my library of music and movies and not rely on streaming and monthly fee after monthly fee for the stuff I really love.
Nice and comprehensible description.
But this is about something completely different. Until now, it was assumed that Apple would not allow its OS to be prepared in such a way that "from the outside" one could cause trouble in the devices using e.g. specific SSIDs. This is very critical!
 
Pretty much an edge case as who would put those characters into the router as a real SSID?

Any actor looking for exploitable input vulnerabilities. As stated, these are very well known problematic input patterns. The paper I cited before focusing on them is more than 20 years old.

Or, from the words of the researcher in the original article:

When asked what was his motivation to name his WiFi hotspot with the funky string specifiers, the reverse engineer said:

"All my devices are named after format strings to f*** with poorly developed devices," Schou told BleepingComputer.


It took until June 2021 since the beginning of time to find it…it’s an edge case.

You don't know since when the vulnerability exists: the article as far as I've read only mentions tests with iOS 14, so it could have been introduced relatively recently. Furthermore, you know it was publicly disclosed in June 2021, but this doesn't mean other actors could have found the issue and not disclosed it (as sometimes happens).

Anyway, focusing on the SSID is focusing on the tree and missing the forest: the question is why this class of vulnerabilities as a whole managed to land on iOS, since there are well known ways to prevent them.
 
He wondered, "What can I name my WiFi network?" while standing at the urinal and dribbling on his shoes. Then it came to him in a splash, "I'll name it %p%s%s%s%s%n"! :cool:
 
He wondered, "What can I name my WiFi network?" while standing at the urinal and dribbling on his shoes. Then it came to him in a splash, "I'll name it %p%s%s%s%s%N"! :cool:
Does %p%s%s%s%s%N clear / reset your password by SSID function mapping?
I have no insight into the SSID CW list.
 