Reported by BleepingComputer, a significant flaw has been found in the WiFi of iPhones and it leaves millions of devices around the world vulnerable to exploitation. Furthermore, once triggered, iPhones are no longer able to connect to any wireless network.
The flaw was discovered by accident by reverse engineer Carl Schou after he tried to connect an iPhone to his personal WiFi that uses the SSID ‘%p%s%s%s%s%n’. The iPhone refused to connect then disabled its WiFi. “Neither rebooting nor changing SSID fixes it,” tweeted Schou. Instead the iPhone was caught in a loop, as seen in the screen recording below.
The iPhone Schou used was running iOS 14.4.2 but BleepingComputer consequently confirmed it also affects iPhones running the latest iOS 14.6 release. iPads were not tested but I would expect them to be vulnerable as well. Android devices are not affected.
So what is going on? According to research by security blog CodeColorist, the flaw is a Format String Bug where certain characters can be misread by an operating system to be commands rather than simply a name (in this case “%”). This causes devices to malfunction, something hackers can use to exploit devices or just cause malicious damage. The bug is similar to the SMS flaw which caused widespread messaging problems on iPhones late last year.
Right now, the only short term fix is somewhat brutal. Affected users have to reset their iPhone network settings (Settings > General > Reset > Reset Network Settings), which will erase all your WiFi passwords. It is also not a permanent fix. Any time your device is affected, you will have to do it all over again.
I expect Apple will release an emergency iOS update to fix this (likely iOS 14.6.1 as well an iOS 12 update for older iPhones). In the meantime, I have contacted Apple and will update this article when/if I receive a response.
Follow Gordon on Facebook
More On Forbes
iPhone 13 Production Schedule ‘Ahead Of Schedule’, Claims Report
New MagSafe Health Concerns Flagged For iPhone 12 Users With CIEDs