Tuesday, April 16, 2024

WiFiDemon – iPhone Zero-click Wifi Hacking Flaw Can be Used to Execute Remote Code

Recently the mobile security experts at zecOps have discovered a bug in the iPhone last month that intrudes wireless connectivity when it gets connected to an access point with a specific name.

This bug was dubbed as WiFiDemon, and it is a remote code execution vulnerability, and for implementing operation it does not require any kind of user intervention.


Wi-Fi is the key factor for the smartphone, and wifid is a daemon that manages protocol connected with a Wi-Fi connection and it operates as a root.

According to the report, it says that wifid is a very delicate daemon that may guide the whole system to compromise. During the investigation, the security researcher, Carl Schou detected that wifid has an issue of format string while handling SSID.

The Bug Was Worse Than it Was Assumed

Before proceeding further, let me justify the above heading, in short, this flaw works even when the screen is off. There is a lot of things that have been found in this bug, and the cybersecurity researchers noted that the bug can be a trigger as a zero-click, and it also has the potential to execute remote code.

The security experts are trying to find another method for exploiting the vulnerability, as per the report, the analysts have used “%@,” which is a format specifier for distribution and formatting targets in Objective-C, which is the programming language for iOS software. 

Analysis of a Zero-Click WiFi Vulnerability

After investigating the whole matter, the analysts came to know that wifid has intriguing logs when it is not linked to any wifi. However, all these logs carry SSID, which intimates that they may be hit by the corresponding format string bug. 

The security analysts have tested and confirmed that it has been affected by the same format string bug, which implies that it is a zero-click vulnerability and can be activated without an end-user connecting to a newly named wifi.

Lastly, the researchers have also proposed that until and unless this bug is not getting fixed permanently, avoid joining to any public WiFi networks or any hotspots,  as doing so will help you to stay protected from this type of security flaw.

Necessities to the WiFiDemon 0-Click Attack

  • It needs the WiFi to be admissible with Auto-Join 
  • The vulnerable iOS Version is applicable for 0-click: Since iOS 14.0
  • The 0-Click vulnerability was reinforced on iOS 14.4


  • Initially update to the latest version, 14.6, as it bypasses the risk of WiFiDemon in its 0-click form. 
  • Always prefer disabling WiFi Auto-Join Feature through Settings –> WiFi –> Auto-Join Hotspot –> Never.
  • Conduct risk and trade-off assessment in your mobile/tablet security utilizing ZecOps Mobile EDR in case you infer that you have been targeted.

Necessities to the WiFi 0-Day Format Strings Attack

However, the WiFi format strings were seen to be a remote code execution, and while joining a malicious SSID the experts have noted it. 


  • Don’t get associate with unknown Wi-Fi networks.
  • Through Settings –> WiFi –> Auto-Join Hotspot –> Never try to disable the WiFi Auto-Join feature.
  • In case you assume that you have been targeted then quickly conduct risk and trade-off assessment to your mobile/tablet security.
  • The vulnerability is a 0-day, and the iOS 14.6 is vulnerable when correlating to a specifically crafted SSID. 
  • Lastly, wait for an authoritative update by Apple and implement it as soon as possible.

Latest articles

Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent...

Microsoft .NET, .NET Framework, & Visual Studio Vulnerable To RCE Attacks

A new remote code execution vulnerability has been identified to be affecting multiple Microsoft...

LightSpy Hackers Indian Apple Device Users to Steal Sensitive Data

The revival of the LightSpy malware campaign has been observed, focusing on Indian Apple...

LightSpy Malware Attacking Android and iOS Users

A new malware known as LightSpy has been targeting Android and iOS users.This sophisticated...

This Startup Aims To Simplify End-to-End Cybersecurity, So Anyone Can Do It

The Web3 movement is going from strength to strength with every day that passes....

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles