New Version of 'January 1, 1970 Bug' Can Brick Pre-iOS 9.3.1 Devices Over Compromised Wi-Fi Networks

Security researchers Patrick Kelley and Matt Harrigan have uncovered a new way to exploit the infamous January 1, 1970 bug that was found to be the cause of bricked iPhones in February. Despite Apple's patch of the original issue in iOS 9.3, Kelley and Harrigan discovered the way in which an iPhone constantly looks for trusted Wi-Fi networks could lend itself to the malicious bricking of a Wi-Fi enabled Apple device, without the user even knowing it was happening.

iPhone-6s-main
In a hypothetical example described by Krebs on Security, if a user confirms that a network called "attwifi" is a trusted connection, any subsequent network they come into contact with boasting the same name will connect with their iPhone. That way, when users revisit the same location frequently, they never have to fiddle with going through the Wi-Fi set-up process again. But the feature could be used to silently weaponize the 1970 bug, connecting users to similarly-named networks they've never encountered and altering the date and time stamps of their iOS devices.

In their research, Kelley and Harrigan used this feature of iPhones and iPads to build a nefarious Wi-Fi network, harnessing the requirement of iOS devices to occasionally connect to a network time protocol (NTP) server to keep date and time in sync. Once a user connected to their thought-to-be trusted network, the iPhone would reconfigure its software to update the date and time information from Kelley and Harrigan's own NTP date, which they specified as January 1, 1970.

Harrigan, president and CEO of San Diego-based security firm PacketSled, described the meltdown thusly:

“One thing we noticed was when we set the date on the iPad to 1970, the iPad display clock started counting backwards. While we were plugging in the second test iPad 15 minutes later, the first iPad said it was Dec. 15, 1968. I looked at Patrick and was like, ‘Did you mess with that thing?’ He hadn’t. It finally stopped at 1965, and by that time [the iPad] was about the temperature I like my steak served at.”

Harrigan and Kelley coordinated with Apple when they discovered their findings to avoid preempting the company's promise of a fix for the bug, and possibly encouraging its malicious use in the wild. As such, the company has fixed the issue and anyone running iOS 9.3.1 will be protected from the new iteration of the 1970 bug. Older iOS releases, including the original iOS 9.3 update, are still susceptible, however.

With the release of their research, the two security experts are understandably encouraging users to update their iPhones and iPads as soon as possible, and have created a video to better explain the issue.

Top Rated Comments

(View all)
Avatar
59 months ago

Apple iOS, it just works... oh wait :eek:

Dude, give it up. We get it, you hate all things Apple.
Score: 12 Votes (Like | Disagree)
Avatar
59 months ago
this issue reminds me of the joke, "The patient says, "Doctor, it hurts when I do this." "Then don't do that!"
Score: 8 Votes (Like | Disagree)
Avatar
59 months ago

Apple products like the iPad (and virtually all mass-market wireless devices) are designed to automatically connect to wireless networks they have seen before. They do this with a relatively weak level of authentication: If you connect to a network named “Hotspot” once, going forward your device may automatically connect to any open network that also happens to be called “Hotspot.”

For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.

That right there is your problem. As if automatic joining of known SSIDs was not a bad enough idea, iOS also offers no way to see, edit and remove these known SSIDs, unless you are in range. You can only reset your networking settings to clear everything, but who does that on a regular basis? I do not understand why Apple has not done anything about it. I’d wager that there are many iPhone users out there who have long lists of known SSIDs.
Score: 7 Votes (Like | Disagree)
Avatar
59 months ago
Apple iOS, it just works... oh wait :eek:
Score: 7 Votes (Like | Disagree)
Avatar
59 months ago
I'm still astounded at how people find these. Like old hacks in Gameboy color games: "take 3 steps left, head down until you're spotted, press start at the right time to freeze the game, go here, turn around three times = unlimited whatever"

Who figures these out! :eek:
[doublepost=1460563286][/doublepost]

Apple should just change it to where you cannot change the date on iOS, and all times are adjusted automatically through Wi-Fi or cellular through Apple's servers only.

But then my aunt couldn't cheat at Candy Crush! :p
Score: 6 Votes (Like | Disagree)
Avatar
59 months ago

Should never happen if apple is using ntp - the spec and all common implementations forbid time travel (setting clock backwards). So this is purely and Apple bug, not ntp.

Very tiny nitpick: In some situations, the clock will indeed be set backwards with ntp, but it's an unusual circumstance and the change should be quite small.

However, ntp's defaults (last I knew) forbid any clock correction exceeding 1000 seconds, so this kind of massive, 40-year correction should not be possible under any circumstances. Either Apple wrote their own time sync client (why?) or changed this default in their implementation of ntp. (Again, why?)

Incorrect device clocks have major security implications for any network, so even without this bricking bug, Apple should be paying closer attention to this. Time sync should never be an afterthought.
Score: 6 Votes (Like | Disagree)

Top Stories

New Photos Offer Better Look at iPhone 12 Color Options

Tuesday October 20, 2020 2:34 am PDT by
As we wait for the iPhone 12 review embargo to lift later today, more pictures are circulating of the devices in real-world lighting conditions, providing a better look at the different colors available. Leaker DuanRui has shared images on Twitter of the iPhone 12 in white, black, blue, green, and (PRODUCT)RED. The black and white colors are similar to the iPhone 11 colors, but the other...

iPhone 12 Pro in Graphite and iPhone 12 in Blue Shown Off in Unboxing Videos

Monday October 19, 2020 8:20 am PDT by
While the iPhone 12 Pro does not launch until Friday, we now have an early unboxing video of the device courtesy of Twitter account DuanRui, providing a closer look at the shiny new flat-edge design and sleek Graphite color option. Ben Geskin re-uploaded the unboxing video to YouTube, which we've embedded below: Geskin has also uploaded an unboxing video of the iPhone 12 in Blue: ...

Apple Releases iPadOS and iOS 14.1 With Multiple Bug Fixes Ahead of iPhone 12 Launch

Tuesday October 20, 2020 10:06 am PDT by
Apple today released iOS and iPadOS 14.1, the first major updates to the iOS and iPadOS 14 operating system updates that were released in September. iOS and iPadOS 14.1 come a week after Apple released the golden master versions of the updates to developers. The iOS 14.1 update can be downloaded for free and it is available on all eligible devices over-the-air in the Settings app. To access...

Watch: iPhone 12 and iPhone 12 Pro Unboxing Videos and First Impressions

Tuesday October 20, 2020 6:05 am PDT by
Apple's embargo has lifted for iPhone 12 and iPhone 12 Pro reviews. In addition to our detailed review roundups for each device, we've rounded up over a dozen unboxing videos and first impressions below. iPhone 12 in Blue on left and iPhone 12 Pro in Pacific Blue on right via Engadget Key new features of the iPhone 12 and iPhone 12 Pro include a flat-edge design, 5G support, a much faster A14 ...

Gold Version of iPhone 12 Pro Apparently Has a More Fingerprint Resistant Stainless Steel Frame

Tuesday October 20, 2020 11:56 am PDT by
iPhone 12 Pro reviews hit the web today, and one of the more interesting tidbits came from TechCrunch's Matthew Panzarino, who revealed that the Gold version of the device apparently has a more fingerprint resistant coating applied to the stainless steel frame. From his review:Most of the iPhone 12 Pro finishes still use a physical vapor deposition process for edge coating. But the new gold...

Photographer Austin Mann Tests the iPhone 12 Pro's Camera

Wednesday October 21, 2020 4:14 am PDT by
Travel photographer Austin Mann usually performs an in-depth review of new iPhone models to test their camera performance in real-world scenarios. To test Apple's new iPhone 12 Pro, Mann traveled to Glacier National Park, Montana. Mann focused on some of the biggest camera upgrades with the iPhone 12 Pro, including the upgraded Wide lens, Ultra Wide Night mode, and LiDAR autofocus, across a...

iPhone 12 Pro Max Has Smaller 3,687 mAh Battery According to Regulatory Filing

Tuesday October 20, 2020 8:48 pm PDT by
Apple's new iPhone 12 Pro Max is equipped with a 3,687 mAh battery, which is around 7% less capacity than the 3,969 mAh battery in the iPhone 11 Pro Max, according to a regulatory filing published by TENAA, the Chinese equivalent of the FCC. The regulatory filing, spotted by MacRumors, also lists the iPhone 12 Pro Max with 6GB of RAM as seen in benchmark results last week. Apple has filed ...

5G Drains iPhone 12 Battery 20% Faster Than 4G in Benchmark

Wednesday October 21, 2020 3:17 am PDT by
After the first reviews for the iPhone 12 and iPhone 12 Pro emerged yesterday, a new report by Tom's Guide reveals the extent of battery life reductions when using 5G. The report outlines a test wherein the iPhone surfs the web continuously at 150 nits of screen brightness, launching a new site every 30 seconds until the battery drains. Interestingly, the test was run on an iPhone 12 and...

Hands-On With Apple's iPhone 12 and 12 Pro MagSafe Cases

Tuesday October 20, 2020 1:33 pm PDT by
Apple's iPhone 12 and 12 Pro are launching this Friday, and ahead of that release date, Apple is shipping out various accessories like the MagSafe charger and MagSafe cases. Yesterday we took a look at the MagSafe charger, and today our MagSafe case came in the mail, so we thought we'd take another look at the charger to see how it works with the case and just how strong the case magnets are. S ...

Reliable Leaker Suggests AirTags 'Coming Soon' in Two Different Sizes

Tuesday October 20, 2020 1:53 am PDT by
Apple's rumored AirTags Bluetooth tracking devices could launch imminently and will be available in two size options, based on new tweets from cryptic-but-reliable leaker L0vetodream. In typical enigmatic style, the leaker first tweeted this morning that a "big one" and a "small one" are "coming soon," but withheld what they were referring to. However that was followed an hour later with the ...