Many people think denial of service (DoS) attacks only happen to company websites and their servers.
DoS attacks occur when hackers send endless traffic to one source, which causes it to crash. Github was recently a victim of this.
But DoS attacks are not merely relegated to websites. In fact, researchers have proven it’s possible to attack iOS devices, crashing either individual apps or entire mobile phones.
Mobile security firm Skycure unveiled its latest research at the RSA security conference in San Francisco on Tuesday. The firm showed how attackers can create malicious Wi-Fi networks to crash mobile devices with incredible accuracy.
Skycure’s CEO Adi Sharabani told Business Insider most people think of app crashes as fleeting technical issues than cyber attacks.
“When people see a crash, they think of it from the perspective of a bug,” he said.
But his company decided to research crashes from an offensive perspective: Is it possible to set up a program that, when deployed, can crash a phone? It turns out — at least for iOS devices — it is.
All the hacker has to do is create a wireless network for phones to join. Once the device is linked up to the network, the attacker can launch a script which can cause the phone to crash.
At the heart of this research is an older problem with iOS devices, dubbed WiFiGate. In 2013, Skycure proved it is possible for attackers to create a network and have mobile devices automatically join it, as long as the phone has already connected to another Wifi with the same name (for example, “Free Public WiFi”).
Putting these two facts together, Sharabani explained that large targeted attacks could happen in highly populated areas. For instance, someone could go to Times Square and make a network called “AT&T Wi-Fi” and thousands of phones would automatically be connected. Then the attackers could easily shut down all of these phones by launching a DoS attack script.
In some cases, Skycure was able to cause a phone to constantly reboot then crash again, reverting it back to the useless piece of metal it once was.
“There’s nothing you can do to avoid [this type of] attack,” said the CEO.
Skycure’s blog explains that it’s best to avoid the free networks people find in the street providing public internet access.
Skycure has contacted Apple about this issue, but it’s not clear whether it has issued a complete fix or not.
Business Insider Emails & Alerts
Site highlights each day to your inbox.