Thursday, March 28, 2024

WiFiDemon – iPhone Zero-click Wifi Hacking Flaw Can be Used to Execute Remote Code

Recently the mobile security experts at zecOps have discovered a bug in the iPhone last month that intrudes wireless connectivity when it gets connected to an access point with a specific name.

This bug was dubbed as WiFiDemon, and it is a remote code execution vulnerability, and for implementing operation it does not require any kind of user intervention.

Wi-Fi-Demon

Wi-Fi is the key factor for the smartphone, and wifid is a daemon that manages protocol connected with a Wi-Fi connection and it operates as a root.

According to the report, it says that wifid is a very delicate daemon that may guide the whole system to compromise. During the investigation, the security researcher, Carl Schou detected that wifid has an issue of format string while handling SSID.

The Bug Was Worse Than it Was Assumed

Before proceeding further, let me justify the above heading, in short, this flaw works even when the screen is off. There is a lot of things that have been found in this bug, and the cybersecurity researchers noted that the bug can be a trigger as a zero-click, and it also has the potential to execute remote code.

The security experts are trying to find another method for exploiting the vulnerability, as per the report, the analysts have used “%@,” which is a format specifier for distribution and formatting targets in Objective-C, which is the programming language for iOS software. 

Analysis of a Zero-Click WiFi Vulnerability

After investigating the whole matter, the analysts came to know that wifid has intriguing logs when it is not linked to any wifi. However, all these logs carry SSID, which intimates that they may be hit by the corresponding format string bug. 

The security analysts have tested and confirmed that it has been affected by the same format string bug, which implies that it is a zero-click vulnerability and can be activated without an end-user connecting to a newly named wifi.

Lastly, the researchers have also proposed that until and unless this bug is not getting fixed permanently, avoid joining to any public WiFi networks or any hotspots,  as doing so will help you to stay protected from this type of security flaw.

Necessities to the WiFiDemon 0-Click Attack

  • It needs the WiFi to be admissible with Auto-Join 
  • The vulnerable iOS Version is applicable for 0-click: Since iOS 14.0
  • The 0-Click vulnerability was reinforced on iOS 14.4

Mitigation:-

  • Initially update to the latest version, 14.6, as it bypasses the risk of WiFiDemon in its 0-click form. 
  • Always prefer disabling WiFi Auto-Join Feature through Settings –> WiFi –> Auto-Join Hotspot –> Never.
  • Conduct risk and trade-off assessment in your mobile/tablet security utilizing ZecOps Mobile EDR in case you infer that you have been targeted.

Necessities to the WiFi 0-Day Format Strings Attack

However, the WiFi format strings were seen to be a remote code execution, and while joining a malicious SSID the experts have noted it. 

Mitigation:-

  • Don’t get associate with unknown Wi-Fi networks.
  • Through Settings –> WiFi –> Auto-Join Hotspot –> Never try to disable the WiFi Auto-Join feature.
  • In case you assume that you have been targeted then quickly conduct risk and trade-off assessment to your mobile/tablet security.
  • The vulnerability is a 0-day, and the iOS 14.6 is vulnerable when correlating to a specifically crafted SSID. 
  • Lastly, wait for an authoritative update by Apple and implement it as soon as possible.
Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles