Security experts have issued a warning to iPhone users after a new discovery showing that iPhones can be hacked simply by connecting to an unsecured Wi-Fi network.
Marco Grassi, senior security researcher at Tencent's Keen Lab, says that this hack is known to “remotely compromise iOS via Wi-Fi and escape the Sandbox”. It demonstrates how a device can be compromised remotely when it joins a Wi-Fi network, with the attack then bypassing the iOS sandbox.
In his presentation, Grassi says that “The victim will only have to join the Wi-Fi network, and then the device will be compromised without any user interaction, bypassing all iOS mitigations and sandboxes.”
Grassi has, for now, refused to provide any details about the hack, including exactly how it works and where the idea originated. He is, however, expected to reveal this information at a 50-minute briefing on Thursday at the Roselle Junior Ballroom in Marina Bay, Singapore.
What is known is that the sandbox is designed to prevent malicious activity on devices. It works by stopping apps from accessing or making changes to files on the device in question.
Grassi’s presentation also says that “We will disclose a chain of several vulnerabilities, leading to arbitrary code execution outside of the iOS sandbox and show that the device can be compromised in different ways in the post-exploitation phase.”
Forbes reported that Apple had already fixed the bugs with an update released back in December. Users need to upgrade to the latest iOS as soon as possible in order to fix the bugs that leave their devices vulnerable.
The flaw is located in the WebSheet component of iOS, which is used when the device connects to public Wi-Fi networks that require users to go through a login portal, Apple explained. Apparently, the flaw got through because of the small number of proof checks that were supposed to stop malicious code from running when the WebSheet in question was loaded.
Apple has already acknowledged Grassi and Trend Micro’s Zero Day Initiative, which rewards researchers for discovering this sort of bug, and added that the issue has been taken care of by adding additional restrictions.
Grassi will discuss the possibility of this and similar hacking threats in a talk on March 30 at the hacking conference organized by Black Hat Asia.