This SSID name can disable an iPhone's Wi-Fi

midian182

midian182

Posts: 9,745   +121
Staff member
What just happened? Just a few weeks after a similar issue was discovered, a security researcher has found that connecting an iPhone to Wi-Fi networks with a certain name can disable the device's Wi-Fi support—and fixing the problem is far from easy.

A couple of weeks ago, Secret Club founder Carl Schou revealed that if an iPhone connected to a network with the SSID name "%p%s%s%s%s%n", it would result in a bug within iOS' networking stack disabling the phone's Wi-Fi and networking features. The effect was initially feared to be permanent, but it can be fixed by resetting the iPhone's network settings.

Now, Schou has found a similar problem that appears even worse than the previous discovery. He writes that just coming into range of public Wi-Fi networks named "%secretclub%power" can result in the same issues as before, and the problems may persist even after the network settings have been reset.

The only solution might be a hard factory reset, though some users say (via PCMag) restoring a device using iTunes could work. One Twitter user writes that manually removing the Wi-Fi network names from "com.apple. Wi-Fi.known-networks.plist" before a device is restored can also fix the problem.

Why do these names bork an iPhone's Wi-Fi? According to 9To5Mac:

The '%[character]' syntax is commonly used in programming languages to format variables into an output string. In C, the '%n' specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.

Expect more damaging SSID names with the '%s', '%p' and '%n' character sequences to be discovered before Apple rolls out a fix.

Image credit: Camilo Concha

Permalink to story.

https://www.techspot.com/news/90297-ssid-name-can-disable-iphone-wi-fi-could.html

 
If you're into weird SSID names you're probably better off with something like X Æ A-XII, not using % or / or & or \
 
  • Like
Reactions: Reehahs
Hollow said:
And I though Apple softwares had above average quality...
Click to expand...
All complex software will have edge cases.

Though, iOS should have a better way to view saved networks when wifi is turned off...
 
Last edited:
m4a4 said:
All complex software will have edge cases.

Though, iOS should have a better way to view networks when wifi is turned off...
Click to expand...
Is there a way with any OS to view available WiFi networks without having WiFi turned on? Seriously, does any OS cache WiFi networks for viewing when the WiFi on the device is turned off?? Available networks could and do change at any time. Caching them when the device's WiFi is turned off does not seem like a good idea.

One can always tell iOS to not automatically connect to networks, and if one does connect to a network named as such, I think that is an unwise decision - even without knowing about this "bug".
 
wiyosaya said:
Is there a way with any OS to view available WiFi networks without having WiFi turned on? Seriously, does any OS cache WiFi networks for viewing when the WiFi on the device is turned off?? Available networks could and do change at any time. Caching them when the device's WiFi is turned off does not seem like a good idea.

One can always tell iOS to not automatically connect to networks, and if one does connect to a network named as such, I think that is an unwise decision - even without knowing about this "bug".
Click to expand...
...What? I'm talking about saved networks. That's what was implied throughout the article (but apparently I've got to make that more clear). Of course you can't view available networks when the wifi is off...
 
m4a4 said:
All complex software will have edge cases.

Though, iOS should have a better way to view saved networks when wifi is turned off...
Click to expand...
This is not an edge case, those special characters are valid for use in SSID names, other devices don't suffer from this issue. Apple software and systems engineers failed to adequately create test cases to catch the bug.
 
  • Like
Reactions: Hollow, wizardB, ZipperBoi and 2 others
DrSuess said:
This is not an edge case, those special characters are valid for use in SSID names, other devices don't suffer from this issue. Apple software and systems engineers failed to adequately create test cases to catch the bug.
Click to expand...
They are not normal characters for an SSID, hence why it's only been found 10+ years after the iPhone launched. It very much is an edge case (even if other OS's don't have the problem).
 
m4a4 said:
...What? I'm talking about saved networks. That's what was implied throughout the article (but apparently I've got to make that more clear). Of course you can't view available networks when the wifi is off...
Click to expand...
From the article -
Just a few weeks after a similar issue was discovered, a security researcher has found that connecting an iPhone to Wi-Fi networks with a certain name can disable the device's Wi-Fi support—and fixing the problem is far from easy.
Click to expand...
Connecting is the operative word here. As I see it, if your iPhone is set to automatically connect to networks, you are just setting yourself up for problems regardless of this bug. The way my iPad mini works is that it remembers networks only if I connect to them.

I know some users might find it an extra chore to have to go into the available WiFi networks and select which one to connect to, but obviously, especially with this bug, they are placing their devices at risk.

If resetting network settings does not always take care of the problems, how is seeing saved networks going to provide a solution - since resetting network settings implies that saved networks are deleted? Apparently, even if you were able to delete such a network from "saved networks" it might not solve the problem.

From my reading of the article, not connecting to such a network would prevent encountering the problem in the first place. So, apparently, unchecking "automatically connect to networks" would be an ideal, just common sense, solution until crApple programmers get their act together and fix the bug that they failed to test for.
 
wiyosaya said:
From the article -
Connecting is the operative word here. As I see it, if your iPhone is set to automatically connect to networks, you are just setting yourself up for problems regardless of this bug. The way my iPad mini works is that it remembers networks only if I connect to them.

I know some users might find it an extra chore to have to go into the available WiFi networks and select which one to connect to, but obviously, especially with this bug, they are placing their devices at risk.

If resetting network settings does not always take care of the problems, how is seeing saved networks going to provide a solution - since resetting network settings implies that saved networks are deleted? Apparently, even if you were able to delete such a network from "saved networks" it might not solve the problem.

From my reading of the article, not connecting to such a network would prevent encountering the problem in the first place. So, apparently, unchecking "automatically connect to networks" would be an ideal solution until crApple programmers get their act together and fix the bug that they failed to test for.
Click to expand...
I don't know what you're getting at in relation to what I said. It's a problem because the device tries to load up it's saved networks (and loading that saved SSID causes an issue). It even says in the article that it's fixed by editing out the problem SSID from saved networks manually ("com.apple. Wi-Fi.known-networks.plist"), as the backup might contain the SSID.

And you can't view the list while the wifi is off. And you can't turn on the wifi because of the bug. Having the option to see saved networks regardless of wifi state could help...... assuming that wouldn't also be broken...
 
  • Like
Reactions: Hollow
Nobina said:
Text = iPhone weakness.
Click to expand...

Just as simular as programming PHP and checking the values you allow to post, this is a bug that somehow disables the wireless completely.

I mean does anyone remember this one still?

18mpenleoksq8jpg.jpg


Very common, strip slashes. Dont trust anything users are allowed to post to your application, website or whatever.
 
Hollow said:
And I though Apple softwares had above average quality...
Click to expand...

No, it's that there are 2-3 Apple devices released each year and 4,503 android devices
released each year. It's easier to find bugs and crap all over someone when there are zillions
of them.
 
m4a4 said:
They are not normal characters for an SSID, hence why it's only been found 10+ years after the iPhone launched. It very much is an edge case (even if other OS's don't have the problem).
Click to expand...
Its not an edge case when the WIFI specification says what is valid and you should handle them properly, other OS provider's have designed for this and have successfully implemented these special cases. Apple did no follow the published specification, its a bug not an edge case
 
DrSuess said:
Its not an edge case when the WIFI specification says what is valid and you should handle them properly, other OS provider's have designed for this and have successfully implemented these special cases. Apple did no follow the published specification, its a bug not an edge case
Click to expand...
EnchantedInfamousHoneycreeper-size_restricted.gif

An edge case (like this) is also considered a bug. They're not mutually exclusive LOL

It's quite literally what any programmer would call an edge case. And I even gave you the definition of an edge case. But you can't seem to comprehend that these aren't normal characters to use (and thus wasn't a case that was found until now). At the edge of what people would try.......
 
  • Like
Reactions: terzaerian
m4a4 said:
I don't know what you're getting at in relation to what I said. It's a problem because the device tries to load up it's saved networks (and loading that saved SSID causes an issue). It even says in the article that it's fixed by editing out the problem SSID from saved networks manually ("com.apple. Wi-Fi.known-networks.plist"), as the backup might contain the SSID.

And you can't view the list while the wifi is off. And you can't turn on the wifi because of the bug. Having the option to see saved networks regardless of wifi state could help...... assuming that wouldn't also be broken...
Click to expand...
I don't know why you do not seem to understand that to encounter the bug, you need to connect to the hotspot with the screwy name. The answer is simple. Just don't connect to a hotspot with a screwy name. That is just common sense anyway as the practice is intended to PREVENT problems like this. Capiche? Or do you just automatically connect to anything because you cannot live without the interent? Have you heard the adage - an ounce of prevention is worth a pound of cure?

But what the hey! You are entitled to connect to any wifi hotspot you want to connect to even if it compromises your device security. :facepalm:
 
wiyosaya said:
I don't know why you do not seem to understand that to encounter the bug, you need to connect to the hotspot with the screwy name. The answer is simple. Just don't connect to a hotspot with a screwy name. That is just common sense anyway as the practice is intended to PREVENT problems like this. Capiche? Or do you just automatically connect to anything because you cannot live without the interent? Have you heard the adage - an ounce of prevention is worth a pound of cure?

But what the hey! You are entitled to connect to any wifi hotspot you want to connect to even if it compromises your device security. :facepalm:
Click to expand...
I could care less about your implication here. I never said you couldn't, and I never implied otherwise lol

You're arguing a point that no one else brought up or refuted.

The only thing I said was that it's an edge case, and that it would be nice to view saved networks with the wifi off. No relation to what I said... 🤦‍♂️
 
Hollow said:
And I though Apple softwares had above average quality...
Click to expand...
It's purely marketing. Get out the microscope or start scrutinizing the code and Apple devices are put together worse than electronics you'd get in a Dollar General.

You think a tech company achieves a 2 trillion dollar market cap sparing no expense for the end user?
 
  • Like
Reactions: m4a4 and ilovelinux
DrSuess said:
This is not an edge case, those special characters are valid for use in SSID names, other devices don't suffer from this issue. Apple software and systems engineers failed to adequately create test cases to catch the bug.
Click to expand...
It's far worse than that. Literally any user input should be sanitised. Passing a SSID and processing it like a complex string is unbelievably poor practice. I cannot understand how the network code was not heavily vetted for EXACTLY this issue. The amount of inputs in that part of the interface are miniscule.
 
  • Like
Reactions: Lozzy, m4a4 and terzaerian
m4a4 said:
...What? I'm talking about saved networks. That's what was implied throughout the article (but apparently I've got to make that more clear). Of course you can't view available networks when the wifi is off...
Click to expand...


Did you read the complete article? You do Not need to connect to any network. Just detecting the SSID causes the issue. Read the article again.

Here's the quote "just coming into range of public Wi-Fi networks named "%secretclub%power" can result in the same issues as before"
 
wiyosaya said:
I don't know why you do not seem to understand that to encounter the bug, you need to connect to the hotspot with the screwy name. The answer is simple. Just don't connect to a hotspot with a screwy name. That is just common sense anyway as the practice is intended to PREVENT problems like this. Capiche? Or do you just automatically connect to anything because you cannot live without the interent? Have you heard the adage - an ounce of prevention is worth a pound of cure?

But what the hey! You are entitled to connect to any wifi hotspot you want to connect to even if it compromises your device security. :facepalm:
Click to expand...

The article literally says you don't need to connect to any article. :facepalm:

"just coming into range of public Wi-Fi networks named "%secretclub%power" can result in the same issues as before"
 
  • Like
Reactions: Lozzy and terzaerian
You must log in or register to reply here.

Similar threads

A
Latest Windows Insider build hits the Canary Channel with Wi-Fi 7 support
Replies
0
Views
157
Alfonso Maruccia
A
midian182
Minnesota burglars are using Wi-Fi jammers to disable home security systems
Replies
24
Views
4K
erickmendes
erickmendes
A
The Wi-Fi 7 standard has been finalized, certification program for compatible devices...
Replies
3
Views
285
mountains
M

Latest posts

Back