Looking for a good reason to update to the latest version of iOS? Over at Krebs on Security this week, Brian Krebs has reported that two security researchers have found a new way to automatically brick a stranger’s iPhone by forcing them to connect to a Wi-Fi hotspot that can change the date without their knowledge.
Before we go any further, it’s important that you understand the 1970 date change bug that swept through the internet earlier this year. Basically, if you manually set the date on an iPhone or iPad to January 1st, 1970, you’d brick it.
Apple issued a fix for the bug in iOS 9.3.1, but not everyone has updated their devices yet. Fortunately, millions of users are at least aware of the bug at this point, but what if a hacker could change the date without the user’s permission?
That’s what security researchers Patrick Kelley and Matt Harrigan wanted to find out, so they built a hostile Wi-Fi network that would take advantage of the fact that iOS devices are constantly checking network time protocol (NTP) servers to sync up the time and forced the phone or tablet to to download data from its own malicious NTP server instead.
“By spoofing time.apple.com, we were able to roll back the time and have it hand out to all Apple clients on the network,” the researchers told Krebs. “All test devices took the update without question and rolled back to 1970.”
It’s a terrifying development, but one that you can avoid altogether by simply keeping your iOS device update. Here’s a video explaining the exploit: