New Version of 'January 1, 1970 Bug' Can Brick Pre-iOS 9.3.1 Devices Over Compromised Wi-Fi Networks

Security researchers Patrick Kelley and Matt Harrigan have uncovered a new way to exploit the infamous January 1, 1970 bug that was found to be the cause of bricked iPhones in February. Despite Apple's patch of the original issue in iOS 9.3, Kelley and Harrigan discovered the way in which an iPhone constantly looks for trusted Wi-Fi networks could lend itself to the malicious bricking of a Wi-Fi enabled Apple device, without the user even knowing it was happening.

iPhone-6s-main
In a hypothetical example described by Krebs on Security, if a user confirms that a network called "attwifi" is a trusted connection, any subsequent network they come into contact with boasting the same name will connect with their iPhone. That way, when users revisit the same location frequently, they never have to fiddle with going through the Wi-Fi set-up process again. But the feature could be used to silently weaponize the 1970 bug, connecting users to similarly-named networks they've never encountered and altering the date and time stamps of their iOS devices.

In their research, Kelley and Harrigan used this feature of iPhones and iPads to build a nefarious Wi-Fi network, harnessing the requirement of iOS devices to occasionally connect to a network time protocol (NTP) server to keep date and time in sync. Once a user connected to their thought-to-be trusted network, the iPhone would reconfigure its software to update the date and time information from Kelley and Harrigan's own NTP date, which they specified as January 1, 1970.

Harrigan, president and CEO of San Diego-based security firm PacketSled, described the meltdown thusly:

“One thing we noticed was when we set the date on the iPad to 1970, the iPad display clock started counting backwards. While we were plugging in the second test iPad 15 minutes later, the first iPad said it was Dec. 15, 1968. I looked at Patrick and was like, ‘Did you mess with that thing?’ He hadn’t. It finally stopped at 1965, and by that time [the iPad] was about the temperature I like my steak served at.”

Harrigan and Kelley coordinated with Apple when they discovered their findings to avoid preempting the company's promise of a fix for the bug, and possibly encouraging its malicious use in the wild. As such, the company has fixed the issue and anyone running iOS 9.3.1 will be protected from the new iteration of the 1970 bug. Older iOS releases, including the original iOS 9.3 update, are still susceptible, however.

With the release of their research, the two security experts are understandably encouraging users to update their iPhones and iPads as soon as possible, and have created a video to better explain the issue.

Top Rated Comments

Tubamajuba Avatar
72 months ago
Apple iOS, it just works... oh wait :eek:
Dude, give it up. We get it, you hate all things Apple.
Score: 12 Votes (Like | Disagree)
braddick Avatar
72 months ago
this issue reminds me of the joke, "The patient says, "Doctor, it hurts when I do this." "Then don't do that!"
Score: 8 Votes (Like | Disagree)
KALLT Avatar
72 months ago
Apple products like the iPad (and virtually all mass-market wireless devices) are designed to automatically connect to wireless networks they have seen before. They do this with a relatively weak level of authentication: If you connect to a network named “Hotspot” once, going forward your device may automatically connect to any open network that also happens to be called “Hotspot.”

For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.
That right there is your problem. As if automatic joining of known SSIDs was not a bad enough idea, iOS also offers no way to see, edit and remove these known SSIDs, unless you are in range. You can only reset your networking settings to clear everything, but who does that on a regular basis? I do not understand why Apple has not done anything about it. I’d wager that there are many iPhone users out there who have long lists of known SSIDs.
Score: 7 Votes (Like | Disagree)
maxsix Avatar
72 months ago
Apple iOS, it just works... oh wait :eek:
Score: 7 Votes (Like | Disagree)
Traverse Avatar
72 months ago
I'm still astounded at how people find these. Like old hacks in Gameboy color games: "take 3 steps left, head down until you're spotted, press start at the right time to freeze the game, go here, turn around three times = unlimited whatever"

Who figures these out! :eek:
[doublepost=1460563286][/doublepost]
Apple should just change it to where you cannot change the date on iOS, and all times are adjusted automatically through Wi-Fi or cellular through Apple's servers only.
But then my aunt couldn't cheat at Candy Crush! :p
Score: 6 Votes (Like | Disagree)
Soba Avatar
72 months ago
Should never happen if apple is using ntp - the spec and all common implementations forbid time travel (setting clock backwards). So this is purely and Apple bug, not ntp.
Very tiny nitpick: In some situations, the clock will indeed be set backwards with ntp, but it's an unusual circumstance and the change should be quite small.

However, ntp's defaults (last I knew) forbid any clock correction exceeding 1000 seconds, so this kind of massive, 40-year correction should not be possible under any circumstances. Either Apple wrote their own time sync client (why?) or changed this default in their implementation of ntp. (Again, why?)

Incorrect device clocks have major security implications for any network, so even without this bricking bug, Apple should be paying closer attention to this. Time sync should never be an afterthought.
Score: 6 Votes (Like | Disagree)

Top Stories

studio buds family

Beats Studio Buds Debuting Today With Active Noise Cancellation, Stemless Design, and More for $150

Monday June 14, 2021 8:00 am PDT by
We've seen a lot of teasers about the Beats Studio Buds over the past month since they first showed up in Apple's beta software updates, and today they're finally official. The Beats Studio Buds are available to order today in red, white, and black ahead of a June 24 ship date, and they're priced at $149.99. The Studio Buds are the first Beats-branded earbuds to truly compete with AirPods...
affinity designer contour tool

Serif Updates Affinity Photo, Designer, and Publisher With New Tools and Functions

Thursday February 4, 2021 1:58 am PST by
Serif today announced across-the-board updates for its popular suite of Affinity creative apps, including Affinity Photo, Affinity Designer, and the Apple award-winning Affinity Publisher for Mac, all of which were among the first professional creative suites to be optimized for Apple's new M1 chip. "After another year which saw record numbers of people switching to Affinity, it's exciting to...
maxresdefault

Craig Federighi and Greg Joswiak Discuss iPadOS 15, macOS Monterey, Privacy, Shortcuts on Mac, and More

Saturday June 12, 2021 6:12 am PDT by
As is tradition, Apple executives Craig Federighi and Greg Joswiak joined Daring Fireball's John Gruber in an episode of The Talk Show to discuss several announcements that Apple made over this weeks WWDC, including iPadOS 15, macOS Monterey, and a large focus around privacy. Federighi kicks off the conversation discussing the common architecture, now thanks to Apple silicon, across all of...
M1X MBP Feature

Leaker: Upcoming MacBook Pro to See Price Hike Over Current Model, Equal Performance Across 14 and 16-Inch Sizes

Tuesday August 24, 2021 5:28 am PDT by
The upcoming 14-inch MacBook Pro is set to be more expensive than the current 13-inch MacBook Pro and both the 14 and 16-inch models will offer the same performance, according to the leaker known as "Dylandkt." The leaker shared the information on Twitter, explaining that both of the upcoming MacBook Pro models, expected to come in 14 and 16-inch sizes, will feature the same performance due...
youtube apple tv

YouTube Discontinuing 3rd-Generation Apple TV App, AirPlay Still Available

Wednesday February 3, 2021 3:09 pm PST by
YouTube is planning to stop supporting its YouTube app on the third-generation Apple TV models, where YouTube has long been available as a channel option. A 9to5Mac reader received a message about the upcoming app discontinuation, which is set to take place in March.Starting early March, the YouTube app will no longer be available on Apple TV (3rd generation). You can still watch YouTube on...
General Apps Messages

Android iMessage Competitor Puts Pressure on Apple

Friday July 30, 2021 3:15 am PDT by
Google and the three major U.S. carriers, including Verizon, AT&T, and T-Mobile, will all support a new communications protocol on Android smartphones starting in 2022, a move that puts pressure on Apple to adopt a new cross-platform messaging standard and may present a challenge to iMessage. Verizon recently announced that it is planning to adopt Messages by Google as its default messaging...
YouTube Picture in Picture Feature

YouTube Premium Subscribers Can Now Use iOS Picture-in-Picture: Here's How

Wednesday August 25, 2021 3:55 am PDT by
Google has rolled out picture-in-picture support as an "experimental" feature for YouTube premium subscribers, allowing them to watch video in a small window when the app is closed. If you're a premium YouTube subscriber looking to try out picture-in-picture, follow these steps: Launch a web browser and sign into your YouTube account at YouTube.com. Navigate to www.youtube.com/new. Scroll...
iPhone 13 Dummy Thumbnail 2

Kuo: iPhone 13 to Feature LEO Satellite Communications to Make Calls and Texts Without Cellular Coverage

Sunday August 29, 2021 7:39 am PDT by
The iPhone 13 will feature low earth orbit (LEO) satellite communication connectivity to allow users to make calls and send messages in areas without 4G or 5G coverage, according to the reliable analyst Ming-Chi Kuo. In a note to investors, seen by MacRumors, Kuo explained that the iPhone 13 lineup will feature hardware that is able to connect to LEO satellites. If enabled with the relevant...
twitterqrcode

Twitter Introduces QR Codes for Sharing and Following Accounts

Wednesday November 16, 2016 4:13 pm PST by
Twitter today introduced Snapchat-style QR codes, which are designed to make it easier to find and follow friends on the social network. Each Twitter QR code is unique to an individual Twitter user, so when scanned, it'll bring up the person's account. To access your Twitter QR code, you'll need the official Twitter app for iOS. In the app, go to your profile, tap on the gear icon, and select...
macOS Monterey on MBP Feature

Apple Seeds Sixth Beta of macOS Monterey to Developers

Monday August 30, 2021 1:11 pm PDT by
Apple today seeded the sixth developer beta of macOS Monterey, the newest version of the macOS operating system. The sixth beta comes three weeks after Apple released the fifth macOS Monterey beta. Registered developers can download the beta through the Apple Developer Center and once the appropriate profile is installed, betas will be available through the Software Update mechanism in...