A key element that seems to have passed Apple in the development of the iPhone operating system is that in the text fields, with few exceptions, special properties of certain characters must be disabled. That is, they should be taken as a text string without more, regardless of whether they include special characters, commands, and so on. And it is that the opposite can be used for malicious purposes, and in fact this is a very common type of test in security checks of all kinds of developments. Sanitize, is how this action is called.
Although I remember it from the early years of the first decade of this century, after a while looking for the closest reference I have found to a funny example of how dangerous the opposite can be, it is found in this tweet from 2013 (you must see the full picture to understand):
– Miguel (@mikelstrawberry) April 1, 2013
Well, it seems that in iOS wireless connection management, Apple missed this detail and consequently Carl Schou, a security expert, has come across a curious circumstance, and is that a certain WiFi network name can permanently disable iOS wireless network access. Yes, you just have to try to connect to a WiFi network with that name and, automatically, your iPhone’s WiFi connectivity will be disabled.
And in case you are wondering, I imagine it is, restarting the iPhone is not enough, trying to disable WiFi to solve it is not possible and changing the name of the network is useless. The only solution discovered so far It consists of accessing Settings -> Settings -> General -> Reset -> Reset network settings. This will eliminate the setting made by the SSID of the malicious network, and therefore the WiFi connectivity of the iPhone will be restored.
After joining my personal WiFi with the SSID “% p% s% s% s% s% n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it: ~) pic.twitter.com/2eue90JFu3
– Carl Schou (@vm_call) June 18, 2021
As I indicated at the beginning, the problem is given because, at some point, the iPhone operating system does not sanitize a text string and, therefore, it is exposed to the elements that comprise it can be used for malicious purposes. The other good news is that, at least in principle, it is a problem that has an easy solution, so it is expected that Apple will acknowledge receipt and solve it in the next version of iOS.
Meanwhile, and in case you are an iPhone user, do not, under any circumstances, try to connect to a network with the name “% p% s% s% s% s% n” (without the quotes), and I warn you that you can already see messages on the Internet from some people thinking of creating public WiFi networks with precisely that name, so that unsuspecting iPhone users try to connect to them only to discover that, suddenly, they have run out wireless connectivity.