Beware! Connecting to This Wireless Network Can Break Your iPhone’s Wi-Fi Feature

A wireless network naming bug has been discovered in Apple’s iOS
operating system that effectively disables an iPhone’s ability to
connect to a Wi-Fi network.

The issue was spotted by security researcher Carl Schou^[1], who found that the
phone’s Wi-Fi functionality gets permanently disabled after joining
a Wi-Fi network with the unusual name “%p%s%s%s%s%n” even
after rebooting the phone or changing the network’s name (i.e.,
service set identifier or SSID).

The bug could have serious implications in that bad actors could
exploit the issue to plant fraudulent Wi-Fi hotspots with the name
in question to break the device’s wireless networking features.

After joining my personal WiFi with the SSID
“%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi
functionality. Neither rebooting nor changing SSID fixes it :~)
pic.twitter.com/2eue90JFu3^[2]

The issue stems from a string formatting^[4]
bug in the manner iOS parses the SSID input, triggering a denial of
service in the process, according to Zhi Zhou, a senior security
engineer at Ant Financial Light-Year Security Labs in a short
analysis published on Saturday.

“For the exploitability, it doesn’t echo and the rest of the
parameters don’t seem like to be controllable. Thus I don’t think
this case is exploitable,” Zhou noted^[5]. “After all, to trigger
this bug, you need to connect to that WiFi, where the SSID is
visible to the victim. A phishing Wi-Fi portal page might as well
be more effective.”

While the issue isn’t reproducible on Android devices^[6], iPhones that have been
affected by the problem would need to have their iOS network
settings reset by going to Settings > General
> Reset > Reset Network Settings and
confirm the action.