This SSID name can disable an iPhone's Wi-Fi

midian182

Posts: 7,060   +62
Staff member
What just happened? Just a few weeks after a similar issue was discovered, a security researcher has found that connecting an iPhone to Wi-Fi networks with a certain name can disable the device's Wi-Fi support—and fixing the problem is far from easy.

A couple of weeks ago, Secret Club founder Carl Schou revealed that if an iPhone connected to a network with the SSID name "%p%s%s%s%s%n", it would result in a bug within iOS' networking stack disabling the phone's Wi-Fi and networking features. The effect was initially feared to be permanent, but it can be fixed by resetting the iPhone's network settings.

Now, Schou has found a similar problem that appears even worse than the previous discovery. He writes that just coming into range of public Wi-Fi networks named "%secretclub%power" can result in the same issues as before, and the problems may persist even after the network settings have been reset.

The only solution might be a hard factory reset, though some users say (via PCMag) restoring a device using iTunes could work. One Twitter user writes that manually removing the Wi-Fi network names from "com.apple.wifi.known-networks.plist" before a device is restored can also fix the problem.

Why do these names bork an iPhone's Wi-Fi? According to 9To5Mac:

The '%[character]' syntax is commonly used in programming languages to format variables into an output string. In C, the '%n' specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.

Expect more damaging SSID names with the '%s', '%p' and '%n' character sequences to be discovered before Apple rolls out a fix.

Image credit: Camilo Concha

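The pattern the 9to5Mac explanation describes, shown as an added example that is not part of the original post and is not Apple's code. `wifi_log`, `log_join_unsafe` and `log_join_safe` are hypothetical names, and the unsafe path is only ever exercised with the harmless `%%` directive.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32   /* an 802.11 SSID is 0..32 octets and is not NUL-terminated */

static char last_line[128];   /* captured log line, so callers can inspect it */

/* Hypothetical printf-style logger standing in for the "internal library". */
static const char *wifi_log(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
    return last_line;
}

/* BEFORE: the SSID itself is the format string, so every '%' in it is
 * interpreted. Only "%%" is safe to demonstrate: "%s", "%p" or "%n" would
 * make the formatter fetch arguments that were never passed (undefined
 * behaviour, the memory corruption the quoted explanation describes). */
const char *log_join_unsafe(const char *ssid)
{
    return wifi_log(ssid);
}

/* AFTER: constant format string; the SSID is plain data bounded by its length.
 * (Output stops at an embedded NUL byte, which is safe but truncating.) */
const char *log_join_safe(const unsigned char *ssid, size_t len)
{
    if (len > SSID_MAX)
        len = SSID_MAX;
    return wifi_log("%.*s", (int)len, (const char *)ssid);
}

/* Test-corpus helper: flags SSIDs that would be interpreted if misused as a format. */
int ssid_has_format_directive(const unsigned char *ssid, size_t len)
{
    return memchr(ssid, '%', len) != NULL;
}

int main(void)
{
    const char *ssid = "%secretclub%power";   /* SSID quoted in the article */
    printf("unsafe(\"100%%%%\") -> %s\n", log_join_unsafe("100%%"));
    printf("safe(article SSID) -> %s\n",
           log_join_safe((const unsigned char *)ssid, strlen(ssid)));
    return 0;
}
```

With the constant format string the SSID bytes come out verbatim, whereas the unsafe form changes even a benign `100%%` into `100%`, which is a cheap regression test for this class of bug.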

 

nismo91

Posts: 1,145   +184
If you're into weird SSID names you're probably better off with something like X Æ A-XII, not using % or / or & or \
 

wiyosaya

Posts: 6,364   +4,675
All complex software will have edge cases.

Though, iOS should have a better way to view networks when wifi is turned off...
Is there a way with any OS to view available WiFi networks without having WiFi turned on? Seriously, does any OS cache WiFi networks for viewing when the WiFi on the device is turned off?? Available networks could and do change at any time. Caching them when the device's WiFi is turned off does not seem like a good idea.

One can always tell iOS to not automatically connect to networks, and if one does connect to a network named as such, I think that is an unwise decision - even without knowing about this "bug".
 

m4a4

Posts: 2,486   +2,863
TechSpot Elite
Is there a way with any OS to view available WiFi networks without having WiFi turned on? Seriously, does any OS cache WiFi networks for viewing when the WiFi on the device is turned off?? Available networks could and do change at any time. Caching them when the device's WiFi is turned off does not seem like a good idea.

One can always tell iOS to not automatically connect to networks, and if one does connect to a network named as such, I think that is an unwise decision - even without knowing about this "bug".
...What? I'm talking about saved networks. That's what was implied throughout the article (but apparently I've got to make that more clear). Of course you can't view available networks when the wifi is off...
 

DrSuess

Posts: 134   +105
All complex software will have edge cases.

Though, iOS should have a better way to view saved networks when wifi is turned off...
This is not an edge case, those special characters are valid for use in SSID names, other devices don't suffer from this issue. Apple software and systems engineers failed to adequately create test cases to catch the bug.
 

m4a4

Posts: 2,486   +2,863
TechSpot Elite
This is not an edge case, those special characters are valid for use in SSID names, other devices don't suffer from this issue. Apple software and systems engineers failed to adequately create test cases to catch the bug.
They are not normal characters for an SSID, hence why it's only been found 10+ years after the iPhone launched. It very much is an edge case (even if other OS's don't have the problem).
 

wiyosaya

Posts: 6,364   +4,675
...What? I'm talking about saved networks. That's what was implied throughout the article (but apparently I've got to make that more clear). Of course you can't view available networks when the wifi is off...
From the article -
Just a few weeks after a similar issue was discovered, a security researcher has found that connecting an iPhone to Wi-Fi networks with a certain name can disable the device's Wi-Fi support—and fixing the problem is far from easy.
Connecting is the operative word here. As I see it, if your iPhone is set to automatically connect to networks, you are just setting yourself up for problems regardless of this bug. The way my iPad mini works is that it remembers networks only if I connect to them.

I know some users might find it an extra chore to have to go into the available WiFi networks and select which one to connect to, but obviously, especially with this bug, they are placing their devices at risk.

If resetting network settings does not always take care of the problems, how is seeing saved networks going to provide a solution - since resetting network settings implies that saved networks are deleted? Apparently, even if you were able to delete such a network from "saved networks" it might not solve the problem.

From my reading of the article, not connecting to such a network would prevent encountering the problem in the first place. So, apparently, unchecking "automatically connect to networks" would be an ideal, just common sense, solution until crApple programmers get their act together and fix the bug that they failed to test for.
 

m4a4

Posts: 2,486   +2,863
TechSpot Elite
From the article -
Connecting is the operative word here. As I see it, if your iPhone is set to automatically connect to networks, you are just setting yourself up for problems regardless of this bug. The way my iPad mini works is that it remembers networks only if I connect to them.

I know some users might find it an extra chore to have to go into the available WiFi networks and select which one to connect to, but obviously, especially with this bug, they are placing their devices at risk.

If resetting network settings does not always take care of the problems, how is seeing saved networks going to provide a solution - since resetting network settings implies that saved networks are deleted? Apparently, even if you were able to delete such a network from "saved networks" it might not solve the problem.

From my reading of the article, not connecting to such a network would prevent encountering the problem in the first place. So, apparently, unchecking "automatically connect to networks" would be an ideal solution until crApple programmers get their act together and fix the bug that they failed to test for.
I don't know what you're getting at in relation to what I said. It's a problem because the device tries to load up its saved networks (and loading that saved SSID causes an issue). It even says in the article that it's fixed by editing out the problem SSID from saved networks manually ("com.apple. Wi-Fi.known-networks.plist"), as the backup might contain the SSID.

And you can't view the list while the wifi is off. And you can't turn on the wifi because of the bug. Having the option to see saved networks regardless of wifi state could help...... assuming that wouldn't also be broken...
 

Vanderlinde

Posts: 44   +36
Text = iPhone weakness.

Just as similar as programming PHP and checking the values you allow to post, this is a bug that somehow disables the wireless completely.

I mean does anyone remember this one still?

18mpenleoksq8jpg.jpg


Very common, strip slashes. Don't trust anything users are allowed to post to your application, website or whatever.
 

p51d007

Posts: 2,822   +2,174
And I thought Apple softwares had above average quality...

No, it's that there are 2-3 Apple devices released each year and 4,503 android devices
released each year. It's easier to find bugs and crap all over someone when there are zillions
of them.
 

DrSuess

Posts: 134   +105
They are not normal characters for an SSID, hence why it's only been found 10+ years after the iPhone launched. It very much is an edge case (even if other OS's don't have the problem).
It's not an edge case when the WIFI specification says what is valid and you should handle them properly, other OS providers have designed for this and have successfully implemented these special cases. Apple did not follow the published specification, it's a bug not an edge case
 

m4a4

Posts: 2,486   +2,863
TechSpot Elite
It's not an edge case when the WIFI specification says what is valid and you should handle them properly, other OS providers have designed for this and have successfully implemented these special cases. Apple did not follow the published specification, it's a bug not an edge case

An edge case (like this) is also considered a bug. They're not mutually exclusive LOL

It's quite literally what any programmer would call an edge case. And I even gave you the definition of an edge case. But you can't seem to comprehend that these aren't normal characters to use (and thus wasn't a case that was found until now). At the edge of what people would try.......
 

wiyosaya

Posts: 6,364   +4,675
I don't know what you're getting at in relation to what I said. It's a problem because the device tries to load up its saved networks (and loading that saved SSID causes an issue). It even says in the article that it's fixed by editing out the problem SSID from saved networks manually ("com.apple. Wi-Fi.known-networks.plist"), as the backup might contain the SSID.

And you can't view the list while the wifi is off. And you can't turn on the wifi because of the bug. Having the option to see saved networks regardless of wifi state could help...... assuming that wouldn't also be broken...
I don't know why you do not seem to understand that to encounter the bug, you need to connect to the hotspot with the screwy name. The answer is simple. Just don't connect to a hotspot with a screwy name. That is just common sense anyway as the practice is intended to PREVENT problems like this. Capiche? Or do you just automatically connect to anything because you cannot live without the internet? Have you heard the adage - an ounce of prevention is worth a pound of cure?

But what the hey! You are entitled to connect to any wifi hotspot you want to connect to even if it compromises your device security. :facepalm:
 

m4a4

Posts: 2,486   +2,863
TechSpot Elite
I don't know why you do not seem to understand that to encounter the bug, you need to connect to the hotspot with the screwy name. The answer is simple. Just don't connect to a hotspot with a screwy name. That is just common sense anyway as the practice is intended to PREVENT problems like this. Capiche? Or do you just automatically connect to anything because you cannot live without the internet? Have you heard the adage - an ounce of prevention is worth a pound of cure?

But what the hey! You are entitled to connect to any wifi hotspot you want to connect to even if it compromises your device security. :facepalm:
I could care less about your implication here. I never said you couldn't, and I never implied otherwise lol

You're arguing a point that no one else brought up or refuted.

The only thing I said was that it's an edge case, and that it would be nice to view saved networks with the wifi off. No relation to what I said... 🤦‍♂️
 

terzaerian

Posts: 969   +1,416
And I thought Apple softwares had above average quality...
It's purely marketing. Get out the microscope or start scrutinizing the code and Apple devices are put together worse than electronics you'd get in a Dollar General.

You think a tech company achieves a 2 trillion dollar market cap sparing no expense for the end user?
 

Darth Shiv

Posts: 2,202   +774
This is not an edge case, those special characters are valid for use in SSID names, other devices don't suffer from this issue. Apple software and systems engineers failed to adequately create test cases to catch the bug.
It's far worse than that. Literally any user input should be sanitised. Passing a SSID and processing it like a complex string is unbelievably poor practice. I cannot understand how the network code was not heavily vetted for EXACTLY this issue. The amount of inputs in that part of the interface are minuscule.
 

Koguma

Posts: 6   +3
...What? I'm talking about saved networks. That's what was implied throughout the article (but apparently I've got to make that more clear). Of course you can't view available networks when the wifi is off...


Did you read the complete article? You do Not need to connect to any network. Just detecting the SSID causes the issue. Read the article again.

Here's the quote "just coming into range of public Wi-Fi networks named "%secretclub%power" can result in the same issues as before"
 

Koguma

Posts: 6   +3
I don't know why you do not seem to understand that to encounter the bug, you need to connect to the hotspot with the screwy name. The answer is simple. Just don't connect to a hotspot with a screwy name. That is just common sense anyway as the practice is intended to PREVENT problems like this. Capiche? Or do you just automatically connect to anything because you cannot live without the internet? Have you heard the adage - an ounce of prevention is worth a pound of cure?

But what the hey! You are entitled to connect to any wifi hotspot you want to connect to even if it compromises your device security. :facepalm:

The article literally says you don't need to connect to any article. :facepalm:

"just coming into range of public Wi-Fi networks named "%secretclub%power" can result in the same issues as before"