Skycure co-founder Yair Amit has described an accidental discovery following the installation of a new router.
With a certain router configuration, iOS apps on connected devices started crashing.
The company's investigations determined the cause was a bug in the way iOS handles SSL certificates, and that a malicious certificates could be generated to cause crashes.
Furthermore, the vulnerability also affects iOS itself: "under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless."
The user has to initially connect the device to the network, so this shouldn't be a big problem - right?
Wrong. If the iPad or iPhone is set to automatically connect to a network, perhaps the one in the owner's favourite cafe, then if the malicious router had the same SSID the connection would be made without any action on the owner's part other than taking the device within range.
Furthermore, Skycure has previously shown how attackers can take advantage of the Wi-Fi configurations included in certain carrier settings bundles to cause an automatic connection to a rogue access point. The only requirement is that the device's Wi-Fi interface is turned on.
These two attacks could be combined, according to Amit, creating a "No iOS Zone" that captures iOS devices and causes them to crash repeatedly until they are moved out of range.
The issue was reported to Apple last October, and iOS 8.3 "seem to resolve some of the issues" according to a presentation given by Amit and co-founder Adi Sharabani at this week's RSA Conference 2015 in San Francisco.