iOS 'date bug' can be exploited over Wi-Fi using NTP
Party like it's 1970
Back in February, Apple nearly fixed the “1970” date bug that bricked iDevices running 64-bit iOS 8 or higher when their clocks were set to January 1, 1970.
Apple blushed red and issued a patch, but according to PacketSled's Matt Harrigan and Critical Assets' Patrick Kelley, “you missed a spot”: the bug can still be triggered remotely.
The problem is that the network time protocol (NTP) hasn't caught up with sensible paranoia, and malicious parties can spoof time server domains.
As this PacketSled blog post explains, if the iDevice retrieves the bad day's timestamp from a server spoofing time.apple.com, it bricks.
It's a cinch to run up a suitable NTP server: the researchers show how in the YouTube video below, using a Raspberry Pi to make a malicious Wi-Fi hotspot.
That causes “software instability resulting in observed temperatures up to 54°C which is hot enough to brick a device”, the post states.
The pair will publish their work in a paper they've already shared with KrebsOnSecurity.
Apple fixed the problem in its iOS 9.3.1 update – the one that introduced a lock screen bypass that Cupertino had to tweak its Siri servers to fix. ®