iOS 1970 vulnerability – Destroying Apple Devices Remotely

If you use an Apple iPhone, iPad or other iDevice, update to 9.3.1 now. Security researchers have developed an automated exploit of the “iOS 1970 vulnerability” that can lead to remote destruction of Apple devices.

A YouTube video posted by security researcher Zach Straley revealed a startling yet simple vulnerability in Apple devices. It appears that setting your iPhone’s date to 1 January 1970 permanently bricks it, in other words renders your device useless.

After seeing this video, security researchers Patrick Kelley and Matt Harrigan started thinking about how to make this attack automatic, without physical access to the device. They knew that Apple devices automatically connect to known wireless networks, meaning that if you connect to an Access Point named “ZAP” once, your device will auto-connect to any open network with the same name “ZAP”. This weakness can be very useful in well-known public places like Starbucks, a company that uses the same Access Point name for each of its branches.

Since nearly all modern devices use NTP (Network Time Protocol) for syncing date and time, why not build a malicious Access Point that tricks Apple devices into setting their time according to an “EVIL NTP”? That’s exactly what the two security researchers did. They used an ordinary Raspberry Pi with custom software and redirected all time.apple.com (Apple’s official NTP server) requests to their malicious NTP server. As a result, all devices in the test updated their time to 1970 almost instantly.
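A defensive check for the behaviour described above, as an added example that is not from the original article or the researchers: an NTP client that refuses a reply whose transmit time falls before a plausibility floor or would jump the clock too far. `TIME_FLOOR`, `MAX_STEP` and all function names are assumptions chosen for illustration.

```python
import struct
from datetime import datetime, timezone

NTP_UNIX_DELTA = 2_208_988_800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
# Assumption: earliest time this device could plausibly see, e.g. its firmware build date.
TIME_FLOOR = int(datetime(2016, 3, 1, tzinfo=timezone.utc).timestamp())
MAX_STEP = 24 * 3600  # assumption: largest clock jump accepted from a single reply


def parse_transmit_time(packet):
    """Return the server transmit timestamp of an NTP reply as Unix seconds."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    if packet[0] & 0x07 != 4:  # low three bits are the mode; 4 = server
        raise ValueError("not a server reply")
    # Transmit timestamp: 32-bit seconds + 32-bit fraction at byte offset 40.
    seconds, _fraction = struct.unpack("!II", packet[40:48])
    return seconds - NTP_UNIX_DELTA


def vet_reply(packet, local_now):
    """Decide whether a reply may be used to set the clock: (accepted, reason)."""
    try:
        server_time = parse_transmit_time(packet)
    except ValueError as exc:
        return False, str(exc)
    if server_time < TIME_FLOOR:
        return False, "before time floor"  # catches a 1970 timestamp
    if abs(server_time - local_now) > MAX_STEP:
        return False, "step too large"
    return True, "ok"


def sample_reply(unix_seconds):
    """Constructed test input: a minimal 48-byte server reply (LI=0, VN=4, mode=4)."""
    first_byte = (0 << 6) | (4 << 3) | 4
    return struct.pack("!B39xII", first_byte, unix_seconds + NTP_UNIX_DELTA, 0)


if __name__ == "__main__":
    now = int(datetime(2016, 4, 1, tzinfo=timezone.utc).timestamp())
    for label, ts in [("epoch", 0), ("sane", now + 2), ("far future", now + 10 * 86400)]:
        print(label, vet_reply(sample_reply(ts), now))
```

The floor check is the one that still works when the local clock itself cannot be trusted, for example on first boot; the step check only helps once the device already holds a reasonable time.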

The iPads and iPhones that connected to the EVIL NTP Access Point rebooted and were bricked forever. We can’t say what the exact cause of this painful vulnerability is, but according to security researcher Brian Krebs:

Most applications on an iPad are configured to use security certificates that encrypt data transmitted to and from the user’s device. Those encryption certificates stop working correctly if the system time and date on the user’s mobile is set to a year that predates the certificate’s issuance.

For more information about this vulnerability, please have a look at this video published by the researchers:

 
