{"id":15112,"date":"2015-04-23T14:52:03","date_gmt":"2015-04-23T19:52:03","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=15112"},"modified":"2015-04-23T14:52:03","modified_gmt":"2015-04-23T19:52:03","slug":"a-new-vulnerability-allows-dos-attacks-on-ios-devices","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=15112","title":{"rendered":"A New Vulnerability Allows DoS Attacks on iOS Devices"},"content":{"rendered":"<blockquote><p>Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide.<\/p><\/blockquote>\n<p>via <a href=\"https:\/\/www.skycure.com\/blog\/ios-shield-allows-dos-attacks-on-ios-devices\/\">\u201cNo iOS Zone\u201d &#8211; A New Vulnerability Allows DoS Attacks on iOS Devices \u00bb<\/a>.<\/p>\n<p>This exploit only crashes a device making it unusable.\u00a0 There is no mention of making end to end encrypted communications vulnerable.\u00a0 By moving outside the range of the access point the IOS device automatically connected to should break the connection bringing the phone back to normal.<\/p>\n<p>Devices with wifi left on will try and connect themselves to any open access point.\u00a0 While this shouldn&#8217;t be a problem attacks like this can happen.\u00a0 I would classify this attack more of an irritant than anything serious.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. With our finding, we rushed to create a script that exploits the bug over a network &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=15112\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110],"tags":[1125,516,698,232],"class_list":["post-15112","post","type-post","status-publish","format-standard","hentry","category-networking","tag-exploit-vector","tag-ios","tag-security-research","tag-ssl"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/15112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15112"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/15112\/revisions"}],"predecessor-version":[{"id":15113,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/15112\/revisions\/15113"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15112"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}