Connecting your iPhone to certain strangely named Wi-Fi networks may leave you without internet access until your phone’s network settings are wiped, as discovered by security researcher Carl Schou last week. This newly discovered bug would break your phone’s Wi-Fi settings, restricting you from enabling your Wi-Fi in some cases, or from connecting to older Wi-Fi networks in others.
“After joining my personal [Wi-Fi] with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its Wi-Fi functionality. Neither rebooting nor changing SSID fixes it :~),” Schou tweeted. Reporting on this issue, Bleeping Computer also found that the bug affected iPhones running on operating systems as recent as iOS 14.6.
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3
— vmcall (@vm_call) June 18, 2021
The root cause of this issue has been attributed to a format string error. This means that iOS is reading the text in the name as a command to execute due to the presence of the “%” symbol and then crashing upon failing. The bug does not exist on Android phones.
For users affected by it, the only way to fix Wi-Fi is by resetting the network settings and clearing all stored network data. With iPhones caching data and network names, rebooting would not be sufficient to fix the error once it is triggered. On an iPhone, this is as easy as going to Settings > General > Reset > Reset Network Settings.
This bug seems unlikely to be a cause for concern. There’s little potential for anything other than mischief. Even in that case, for it to be a problem, it would require bad actors to set up Wi-Fi networks with that name and users to actively attempt a connection. You could also reduce your vulnerability by turning off the auto-join hot spot setting on your iPhone just to be extra safe. This can be done by going to Settings > Wi-Fi and changing the setting from Automatic to Ask to Join or Never. As security researcher @CodeColorist points out in a blog post explaining the issue, it would be more effective to simply set up a phishing website.
Digital Trends has reached out to Apple for comment and will update this article when we hear back.
