New ‘January 1, 1970’ Bug Can Brick iOS 9.3.1 Devices

iOS may arguably be the most stable mobile operating system out there but that doesn’t mean it does not have any bugs, after the bug that bricked iOS devices when their date was set to Jan 1, 1970, Security researchers Patrick Kelley and Matt Harrigan have uncovered a new way to exploit the infamous January 1, 1970 bug that was found to be the cause of bricked iPhones in February.

Date-bug-brick

iOS devices will automatically try to connect to a known Wi-Fi network. They do this by identifying the SSID of the network. So in their testing, the researchers created an ‘evil’ Wi-Fi network, ‘attwifi’ — the same SSID name used by Starbucks, and their own NTP server spoofing time.apple.com with its date set to January 1, 1970.

Then, as soon as they brought their iPads in range of this network, the device starts a process of self-destructions that started with it rebooting automatically. The exact reason as to why iOS devices do this is not clear, but the researchers do have one plausible explanation for it.

It’s not clear why they do this, but here’s one possible explanation: Most applications on an iPad are configured to use security certificates that encrypt data transmitted to and from the user’s device. Those encryption certificates stop working correctly if the system time and date on the user’s mobile is set to a year that predates the certificate’s issuance. for this.

Harrigan and Kelley coordinated with Apple when they discovered their findings to avoid preempting the company’s promise of a fix for the bug, and possibly encouraging its malicious use in the wild. As such, the company has fixed the issue and anyone running iOS 9.3.1 will be protected from the new iteration of the 1970 bug. Older iOS releases, including the original iOS 9.3 update, are still susceptible, however.

With the release of their research, the two security experts are understandably encouraging users to update their iPhones and iPads as soon as possible, and have created a video to better explain the issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.