Just a few weeks after a similar issue was discovered, a security researcher has found that connecting an iPhone to Wi-Fi networks with a certain name can disable the device’s Wi-Fi support—and fixing the problem is far from easy.
A couple of weeks ago, Secret Club founder Carl Schou revealed that if an iPhone connected to a network with the SSID name “%p%s%s%s%s%n”, it would result in a bug within iOS’ networking stack disabling the phone’s Wi-Fi and networking features. The effect was initially feared to be permanent, but it can be fixed by resetting the iPhone’s network settings.
Now, Schou has found a similar problem that appears even worse than the previous discovery. He writes that just coming into range of public Wi-Fi networks named “%secretclub%power” can result in the same issues as before, and the problems may persist even after the network settings have been reset.
The only solution might be a hard factory reset, though some users say (via PCMag) restoring a device using iTunes could work. One Twitter user writes that manually removing the Wi-Fi network names from “com.apple.wifi.known-networks.plist” before a device is restored can also fix the problem.
Why do these names bork an iPhone’s Wi-Fi? According to 9To5Mac:
The ‘%[character]’ syntax is commonly used in programming languages to format variables into an output string. In C, the ‘%n’ specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.
Expect more damaging SSID names with the ‘%s’, ‘%p’ and ‘%n’ character sequences to be discovered before Apple rolls out a fix.
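The failure mode 9To5Mac describes, untrusted text used as a format string, is avoided by treating the SSID only as length-delimited data. The following C sketch is an added example, not code from the article or from Apple; the function names `ssid_to_log` and `ssid_conversion_count` are hypothetical, and it assumes the name arrives as raw octets of at most 32 bytes, as in 802.11.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32 /* an 802.11 SSID is at most 32 octets, not NUL-terminated */

/* Vulnerable pattern from the explanation above (comment only, never built):
 *     snprintf(out, outsz, ssid);   // the network name is the format string
 * Hardened form: the name is only ever handled as length-delimited data.
 * Printable ASCII is copied, any other octet becomes \xNN.
 * Returns the length written, or -1 if the SSID or buffer size is invalid. */
int ssid_to_log(char *out, size_t outsz, const unsigned char *ssid, size_t len) {
    size_t o = 0;
    if (len > SSID_MAX || outsz == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        int printable = ssid[i] >= 0x20 && ssid[i] < 0x7f && ssid[i] != '\\';
        size_t need = printable ? 1 : 4;
        if (o + need >= outsz) return -1;          /* keep room for the NUL */
        if (printable) out[o++] = (char)ssid[i];
        else o += (size_t)snprintf(out + o, outsz - o, "\\x%02x", (unsigned)ssid[i]);
    }
    out[o] = '\0';
    return (int)o;
}

/* Count conversion specifications: a '%' that is not part of a literal "%%".
 * A scanner or log pipeline can use this to flag risky network names. */
int ssid_conversion_count(const unsigned char *ssid, size_t len) {
    int count = 0;
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] != '%') continue;
        if (i + 1 < len && ssid[i + 1] == '%') { i++; continue; }
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample: the two names from the article plus a benign one. */
    const char *names[] = { "%p%s%s%s%s%n", "%secretclub%power", "HomeNet" };
    char line[4 * SSID_MAX + 1];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        const unsigned char *s = (const unsigned char *)names[i];
        size_t len = strlen(names[i]);
        if (ssid_to_log(line, sizeof line, s, len) < 0) continue;
        printf("ssid=\"%s\" conversions=%d\n", line, ssid_conversion_count(s, len));
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` in GCC or Clang flags the commented-out pattern at compile time when the format argument is not a string literal.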