A rather worrying report broke out two weeks ago regarding a strange bug that afflicted iPhones, causing them to be unable to connect to any WiFi access point when triggered. Fortunately, the bug had a simple though inconvenient fix and could be easily avoided by not connecting to wireless networks with symbols in their names. It turns out there is another iPhone bug with almost similar characteristics, except that it is almost impossible to avoid and harder to fix as well.
The original vulnerability involved WiFi access points or APs that used the percent sign (‘%’) in their names. In many programming languages, this symbol is used to denote that the character following it is meant to be a command rather than a letter to be displayed. Somewhere in iOS code, this may break the platform’s ability to connect to any WiFi network completely. Fortunately, simply resetting the phone’s network settings puts things back to normal.
That original bug could only be triggered if the user tries to connect to such a WiFi network, something that most should avoid in the first place, even without this bug. Unfortunately, this second exploit doesn’t even need any user interaction. According to the same security researcher who publicly disclosed the first bug, even being within range of a network named “%secretclub%power” is enough to lose all WiFi functionality and the ability to connect to WiFi networks.
The iPhone can still be fixed, but it isn’t as simple as resetting network settings. One has to either reset the phone entirely or restore from a backup if one is available. One can actually still try to back up their iPhone while in this state, but they must also manually edit the backup’s network list to remove the offending AP name.
The first iPhone WiFi bug was more of a nuisance that awaits careless users. This second, however, is a severe security bug that can be exploited by anyone with control over a WiFi router or hotspot. So far, Apple has remained silent on the matter, but this new bug could push it to at least acknowledge it and promise a fix soon.