Wi-Fi systems disable iPhones by connecting to ssid ‘%p%s%s%s%s%n’

A Danish reverse engineer has found a bug in iOS on iPhones that makes Wi-Fi functionality unusable. A user just needs to connect to a signal with ssid ‘%p%s%s%s%s%n’ and the wifi is down.

Anyone who connects to such a network will notice that the Wi-Fi is switched off and can no longer be switched on, even after a reset. “Even rebooting or changing the ssid doesn’t help”, he says. Fortunately, there is a solution for this: whoever completely resets all network settings will get his WiFi functionalities back. On Android, the ssid does nothing.

According to an analysis by Bleeping Computer, it is probably a string formatting vulnerability. In C and C-style programming languages, % signs followed by a letter are interpreted as a variable or a command, the site writes. 9to5Mac goes on to speculate: “The Wi-Fi system forwards this text to an internal library that does string formatting, which again does arbitrary memory writes, causes a buffer overflow, and then the iOS watchdog kills the process.”

Bleeping Computer managed to reproduce the flaw on an iPhone running iOS 14.6 and the Dane himself, Carl Schou, did it on an iPhone XS with iOS 14.4.2 on board. Apple has not yet responded to a request for comment from Bleeping Computer.

Click on the image for a gif

Leave a comment