New Version of 'January 1, 1970 Bug' Can Brick Pre-iOS 9.3.1 Devices Over Compromised Wi-Fi Networks

Security researchers Patrick Kelley and Matt Harrigan have uncovered a new way to exploit the infamous January 1, 1970 bug that was found to be the cause of bricked iPhones in February. Despite Apple's patch of the original issue in iOS 9.3, Kelley and Harrigan discovered the way in which an iPhone constantly looks for trusted Wi-Fi networks could lend itself to the malicious bricking of a Wi-Fi enabled Apple device, without the user even knowing it was happening.

iPhone-6s-main
In a hypothetical example described by Krebs on Security, if a user confirms that a network called "attwifi" is a trusted connection, any subsequent network they come into contact with boasting the same name will connect with their iPhone. That way, when users revisit the same location frequently, they never have to fiddle with going through the Wi-Fi set-up process again. But the feature could be used to silently weaponize the 1970 bug, connecting users to similarly-named networks they've never encountered and altering the date and time stamps of their iOS devices.

In their research, Kelley and Harrigan used this feature of iPhones and iPads to build a nefarious Wi-Fi network, harnessing the requirement of iOS devices to occasionally connect to a network time protocol (NTP) server to keep date and time in sync. Once a user connected to their thought-to-be trusted network, the iPhone would reconfigure its software to update the date and time information from Kelley and Harrigan's own NTP date, which they specified as January 1, 1970.

Harrigan, president and CEO of San Diego-based security firm PacketSled, described the meltdown thusly:

“One thing we noticed was when we set the date on the iPad to 1970, the iPad display clock started counting backwards. While we were plugging in the second test iPad 15 minutes later, the first iPad said it was Dec. 15, 1968. I looked at Patrick and was like, ‘Did you mess with that thing?’ He hadn’t. It finally stopped at 1965, and by that time [the iPad] was about the temperature I like my steak served at.”

Harrigan and Kelley coordinated with Apple when they discovered their findings to avoid preempting the company's promise of a fix for the bug, and possibly encouraging its malicious use in the wild. As such, the company has fixed the issue and anyone running iOS 9.3.1 will be protected from the new iteration of the 1970 bug. Older iOS releases, including the original iOS 9.3 update, are still susceptible, however.

With the release of their research, the two security experts are understandably encouraging users to update their iPhones and iPads as soon as possible, and have created a video to better explain the issue.

Top Rated Comments

Tubamajuba Avatar
69 months ago
Apple iOS, it just works... oh wait :eek:
Dude, give it up. We get it, you hate all things Apple.
Score: 12 Votes (Like | Disagree)
braddick Avatar
69 months ago
this issue reminds me of the joke, "The patient says, "Doctor, it hurts when I do this." "Then don't do that!"
Score: 8 Votes (Like | Disagree)
KALLT Avatar
69 months ago
Apple products like the iPad (and virtually all mass-market wireless devices) are designed to automatically connect to wireless networks they have seen before. They do this with a relatively weak level of authentication: If you connect to a network named “Hotspot” once, going forward your device may automatically connect to any open network that also happens to be called “Hotspot.”

For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.
That right there is your problem. As if automatic joining of known SSIDs was not a bad enough idea, iOS also offers no way to see, edit and remove these known SSIDs, unless you are in range. You can only reset your networking settings to clear everything, but who does that on a regular basis? I do not understand why Apple has not done anything about it. I’d wager that there are many iPhone users out there who have long lists of known SSIDs.
Score: 7 Votes (Like | Disagree)
maxsix Avatar
69 months ago
Apple iOS, it just works... oh wait :eek:
Score: 7 Votes (Like | Disagree)
Traverse Avatar
69 months ago
I'm still astounded at how people find these. Like old hacks in Gameboy color games: "take 3 steps left, head down until you're spotted, press start at the right time to freeze the game, go here, turn around three times = unlimited whatever"

Who figures these out! :eek:
[doublepost=1460563286][/doublepost]
Apple should just change it to where you cannot change the date on iOS, and all times are adjusted automatically through Wi-Fi or cellular through Apple's servers only.
But then my aunt couldn't cheat at Candy Crush! :p
Score: 6 Votes (Like | Disagree)
Soba Avatar
69 months ago
Should never happen if apple is using ntp - the spec and all common implementations forbid time travel (setting clock backwards). So this is purely and Apple bug, not ntp.
Very tiny nitpick: In some situations, the clock will indeed be set backwards with ntp, but it's an unusual circumstance and the change should be quite small.

However, ntp's defaults (last I knew) forbid any clock correction exceeding 1000 seconds, so this kind of massive, 40-year correction should not be possible under any circumstances. Either Apple wrote their own time sync client (why?) or changed this default in their implementation of ntp. (Again, why?)

Incorrect device clocks have major security implications for any network, so even without this bricking bug, Apple should be paying closer attention to this. Time sync should never be an afterthought.
Score: 6 Votes (Like | Disagree)

Top Stories

nothing ear 1 buds 1

Nothing 'Ear (1)' True Wireless Earbuds Launch to Take on AirPods Pro With ANC and Unusual Design for $99

Tuesday July 27, 2021 7:57 am PDT by
Nothing, a new brand from OnePlus founder Carl Pei, has today officially launched the "Ear (1)" true wireless earbuds after months of anticipation around the company's AirPods Pro rival. The Ear (1) features an in-ear design, Active Noise Cancelation, Bluetooth 5.2, IPX4 water resistance, and a charging case with Qi-compatible wireless charging and a USB-C port. Fast pairing is supported on...
iOS 14 on iPhone feature emergency

Apple Releases iOS and iPadOS 14.7.1 With Fix for Touch ID Apple Watch Bug

Monday July 26, 2021 9:48 am PDT by
Apple today released iOS and iPadOS 14.7.1, minor bug fix updates that come just a week after the release of iOS 14.7, software that introduced new Apple Card features and support for the MagSafe Battery Pack. The iOS and iPadOS 14.7.1 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to...
iPad mini pro feature 2

iPad Mini 6 to Feature 8.3-Inch Display With No Home Button and Narrower Bezels

Monday July 26, 2021 12:26 pm PDT by
The sixth-generation iPad mini that's in the works will have an 8.3-inch display, according to display analyst Ross Young. That will be larger than the current 7.9-inch display, with the larger size due to the removal of the Home button and a narrower bezel design. Rumors about the iPad mini 6 have been picking up in recent weeks ahead of its prospective launch this fall. Apple analyst...
iphone 12 pro gold

Report: iPhone 14 Pro Models to Feature Tough Titanium Alloy Chassis

Monday July 26, 2021 1:12 am PDT by
Next year's "iPhone 14" series is expected to feature high-end models with a new titanium alloy chassis design, claims a new investors report by JP Morgan Chase. According to the report, the use of titanium alloy will be one of the biggest changes to the case design in the 2022 iPhone series, and Foxconn will be the exclusive manufacturer of the titanium frames for the high-end models....
iOS 15 General Feature Purple

Everything New in iOS 15 Beta 4: Safari Tweaks, MagSafe Battery Pack Support, Notification Updates and More

Tuesday July 27, 2021 11:47 am PDT by
Apple today released the fourth betas of iOS 15 and iPadOS 15, introducing additional refinements to the new features that are coming in the software updates. In these betas, Apple has introduced changes for Safari, Notifications, Focus mode, and more. Safari Updates Apple is continuing to refine the design of Safari on the iPhone, and in iOS 15, there are tweaks to improve usability. ...
apple mac business page

Apple Shares 11 Reasons Why Business Users Should Choose Macs

Monday July 26, 2021 11:35 am PDT by
Apple today updated its Apple at Work website with a new section dedicated to the Mac, which offers up 11 reasons why "Mac means business." On the webpage, Apple highlights the M1 chip as the number one reason why business users should choose a Mac, offering up an M1 overview [PDF] that explains the benefits of the M1 chip. The information isn't new, but it does provide a look at all of...
imac with accessories

Larger Redesigned High-End iMac Rumored to Launch Next Year

Monday July 26, 2021 3:45 am PDT by
Apple's larger redesigned iMac will arrive sometime in 2022 rather than later this year, according to the leaker known as "Dylandkt." On Twitter, Dylandkt claimed that Apple's "high end iMac" is not expected to release in the fourth quarter of 2021 alongside Apple's "M1X Macs" – a reference to Apple's redesigned MacBook Pro models – because "Apple simply does not want their devices to...
General iOS 14

iOS 14.7.1 and macOS Big Sur 11.5.1 Patch Security Vulnerability That May Have Been Actively Exploited

Monday July 26, 2021 11:55 am PDT by
Apple today released unexpected iOS 14.7.1 and iPadOS 14.7.1 updates to the public, and according to a newly released support document, the software addresses a serious security vulnerability that may have been exploited in the wild. Apple says that an application may have been able to execute arbitrary code with kernel privileges due to a memory corruption issue. "Apple is aware of a report ...
apple bitcoin hack

Is Apple Really Buying Bitcoin?

Monday July 26, 2021 3:07 am PDT by
A large number of websites and posts on social media are stoking rumors that Apple has purchased $2.5 billion worth of bitcoin in the company's first move into cryptocurrency, but is there any validity to the claims? Many people are citing the fact that Apple was looking for a Business Development Manager with experience in alternative payments, including cryptocurrency, earlier this year as ...
new m1 chip

Tim Cook on Apple Deciding to Manufacture Components: 'We Ask Ourselves If We Can Do Something Better'

Tuesday July 27, 2021 3:04 pm PDT by
During today's earnings call for the third fiscal quarter of 2021 (second calendar quarter), Apple CEO Tim Cook was asked how Apple decides what components to purchase and what components to develop, and Cook said that Apple asks if it can be done better. We ask ourselves if we can do something better. If we can deliver a better product. If we can buy something in the market and it's great...