Variation on 1970 date bug can be used to remotely brick pre-iOS 9.3 devices via Wi-Fi hotspots [Updated]
Update: Sources close to Apple tell us that, contrary to the original claim, this issue – like the original one – was resolved in iOS 9.3. We also understand that Apple was able to successfully restore the test devices sent to it by the researchers.
While iOS 9.3 fixed a bug that bricked iOS devices when the date was set to January 1, 1970, security researchers have found a variation on the theme that can remotely brick devices as soon as they connect to a Wi-Fi hotspot. The exploit uses a combination of two weaknesses discovered in iOS, reports KrebsonSecurity.
The first is that iOS devices automatically reconnect to known Wi-Fi networks, but identify them by SSID alone. An iPhone or iPad will therefore auto-join a malicious hotspot that spoofs the name of a network it has previously joined.
Second, iOS devices periodically check that their time and date are correct by querying Network Time Protocol (NTP) servers, and once they are on the attacker's network, the attacker also controls where that query goes. All the researchers had to do was create their own Wi-Fi hotspot labelled ‘attwifi’ (as used by Starbucks) and their own NTP server pretending to be time.apple.com to deliver the January 1, 1970 date …
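To make the NTP side of this concrete, here is an added example (not code from the article or the researchers) that builds a 48-byte NTPv4 server reply carrying a transmit timestamp of 1970-01-01T00:00:00Z, then runs the plausibility check a client ought to apply before stepping its clock. The packet bytes are constructed inline, and the 2016-03-21 "firmware build date" used as the floor is an assumption for illustration only. The point is that NTP timestamps count from 1900, so the Unix epoch is not zero on the wire (it is 2208988800 seconds), and a client that rejects any time earlier than its own build date never reaches the bad value.

```python
import struct
from datetime import datetime, timezone

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_UNIX_DELTA = 2_208_988_800

# Assumed plausibility floor: a client should never accept a time earlier than
# its own firmware build date. 2016-03-21 is an assumption for this example.
BUILD_DATE_UNIX = int(datetime(2016, 3, 21, tzinfo=timezone.utc).timestamp())


def unix_to_ntp(unix_seconds: float) -> int:
    """Encode Unix seconds as a 64-bit NTP timestamp (32-bit seconds since 1900, 32-bit fraction)."""
    whole = int(unix_seconds)
    secs = (whole + NTP_UNIX_DELTA) & 0xFFFFFFFF
    frac = int((unix_seconds - whole) * (1 << 32)) & 0xFFFFFFFF
    return (secs << 32) | frac


def ntp_to_unix(ts: int) -> float:
    """Decode a 64-bit NTP timestamp to Unix seconds (NTP era 0 only)."""
    secs = (ts >> 32) & 0xFFFFFFFF
    frac = ts & 0xFFFFFFFF
    return secs - NTP_UNIX_DELTA + frac / (1 << 32)


def build_server_reply(transmit_unix: float, stratum: int = 1) -> bytes:
    """Construct a 48-byte NTPv4 server reply (RFC 5905 header) with the given transmit time.

    Only the fields a client inspects are filled in; the rest are zero.
    """
    li_vn_mode = (0 << 6) | (4 << 3) | 4          # LI=0 (no warning), VN=4, Mode=4 (server)
    now_ntp = unix_to_ntp(transmit_unix)
    return struct.pack(
        "!BBBbII4sQQQQ",
        li_vn_mode, stratum,
        6,            # poll interval (log2 seconds)
        -20,          # precision (log2 seconds)
        0, 0,         # root delay, root dispersion
        b"GPS\x00",   # reference ID typical of a stratum-1 server
        now_ntp,      # reference timestamp
        0,            # origin timestamp (a real server echoes the client's transmit ts)
        now_ntp,      # receive timestamp
        now_ntp,      # transmit timestamp: the value the client will adopt
    )


def parse_reply(pkt: bytes) -> dict:
    """Parse the header fields a client needs from a 48-byte NTP reply."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    (li_vn_mode, stratum, _poll, _prec, _rdelay, _rdisp, _refid,
     _ref_ts, _orig_ts, _recv_ts, xmit_ts) = struct.unpack("!BBBbII4sQQQQ", pkt[:48])
    return {
        "leap": li_vn_mode >> 6,
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,
        "stratum": stratum,
        "transmit_unix": ntp_to_unix(xmit_ts),
    }


def accept_time(pkt: bytes, floor_unix: int = BUILD_DATE_UNIX):
    """Sanity-check a reply before applying it. Returns (accepted, reason, unix_seconds)."""
    r = parse_reply(pkt)
    t = r["transmit_unix"]
    if r["mode"] != 4 or r["version"] not in (3, 4):
        return False, "not an NTPv3/v4 server reply", t
    if r["leap"] == 3:
        return False, "server reports its clock is unsynchronised (LI=3)", t
    if not 1 <= r["stratum"] <= 15:
        return False, "invalid stratum", t
    if t < floor_unix:
        return False, "time predates firmware build date; refusing to step clock", t
    return True, "ok", t


if __name__ == "__main__":
    rogue = build_server_reply(0.0)   # 1970-01-01T00:00:00Z, what the rogue server hands out
    honest = build_server_reply(datetime(2016, 4, 10, 12, 0, tzinfo=timezone.utc).timestamp())
    for name, pkt in (("rogue", rogue), ("honest", honest)):
        ok, why, t = accept_time(pkt)
        print(f"{name}: {datetime.fromtimestamp(t, timezone.utc).isoformat()} -> {ok} ({why})")
```

The rogue reply is well-formed NTP in every respect (valid mode, version and stratum), which is why a purely syntactic check does not help; only the build-date floor rejects it. A real client should additionally compare the server's origin timestamp with the transmit timestamp it sent, which is omitted here because it does not bear on the 1970 value itself.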
While an upcoming software update should soon eliminate the 1970 date bug, that doesn’t help if you currently have a bricked phone. There have been varying reports of fixes that do or don’t work, but experiments by Macnn suggest that two approaches do the trick – both of which are apparently being done by Genius bar staff when people take in their bricked phones.
The ‘simple but not easy’ approach is to remove and replace the battery. This forces a full reset of the phone, but is not for the faint-hearted.
This is either just hard, or very difficult, and may require tools not generally found in the home. Yanking the battery for even a short period of time will force a reset of the phone. Sound scary? It can be, and if you mess something up in the disassembly, or tear a ribbon cable, you’re out of luck.
Obviously don’t do that on any phone still covered by warranty, and then only if you know what you’re doing.
Method 2 is to put the phone into DFU (Device Firmware Upgrade) mode. While some people have reported that this doesn’t work, Macnn reckons this is because they didn’t wait long enough.
This is where the recovery time has varied for us. We’ve done the restoration ten times. Three times, iTunes recognized the need for a recovery right away, and times on the other seven varied somewhat up to an hour. So, the moral of the story is, as long as the phone is in DFU mode, be patient. Also, if the recovery doesn’t work, wait an amount of time after your clock was set to Jan 1, 1970, and your deviation from Greenwich Mean Time (also sometimes referred to as Zulu time). Eastern time is currently five hours off of GMT, then try again.
Either way, you’ll need to restore from backup afterwards.
You can take the phone into an Apple Store, but don’t expect much sympathy. A friend reports that when his son did so after one of his mates thought it would be amusing to brick his phone, the Genius was rather unfriendly – probably because he’d been spending most of his time fixing this problem.