Hypothetically, if a users confirms a network “xyz” as a trusted connection, any connection with the same name can connect with their phone. This is because if the user revisits a same location more often, they don’t have to setup the connection each time. This is quite a convenient feature but it can be used to trigger the 1970 bug.
For the sake of this research, Kelley and Harrigan used this feature on several iPhones and iPads to build a foul WiFi network, garnering the requirement of iOS devices to occasionally connect to a network time protocol server to keep the time and date synced. Once a user connects to the fake network, the iPhone reconfigures its software to update the time and information from the malicious network, which they set as January 1, 1970.
Harrigan, president and CEO of PacketSled, described:
“One thing we noticed was when we set the date on the iPad to 1970, the iPad display clock started counting backwards. While we were plugging in the second test iPad 15 minutes later, the first iPad said it was Dec. 15, 1968. I looked at Patrick and was like, ‘Did you mess with that thing?’ He hadn’t. It finally stopped at 1965, and by that time [the iPad] was about the temperature I like my steak served at.”
Harrigan and Kelley coordinated with Apple when they found about this bug, in order to help Apple keep their promise of fixing the bug. As such, the company has now fixed the bug and anyone who is running the iOS 9.3.1 is protected from this bug. But the problem still remains in the iOS older releases, including the 9.3 update.
With this finding, the two security experts encouraged the people with iPhones and iPads to update them as soon as possible, and for further explanation they have also created a video to explain the issue in a better way.
Latest posts by Muneeb Ahmed (see all)
- A look at the evolution of Samsung’s Note series from Galaxy Note 1 to Note 7 - August 21, 2016
- 5 things you need to know about Android - August 20, 2016
- Samsung Galaxy Note 7: Complete roundup - June 28, 2016