But there is a fix.

By Don Reisinger
April 13, 2016

If you haven’t updated to Apple’s iOS 9.3 yet, now’s the time.

Security experts have found a way for a malicious hacker to dupe unwitting iPhone or iPad owners into connecting to nefarious Wi-Fi networks and potentially bricking their devices. What’s worse, those security researchers, who include Brian Krebs, among others, say that the “evil” hack is shockingly “simple” for a hacker to wreak havoc on iOS device owners.

According to Krebs, iOS comes with a feature that automatically connects a device to a wireless network it’s previously connected to, which sits at the center of the problem.

“For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called ‘attwifi,'” Krebs writes. “But once you’ve done that, you won’t ever have to manually connect to a network called ‘attwifi’ ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.”

Get Data Sheet, Fortune’s technology newsletter.

The feature is designed to make it easier (and perhaps effortless) for users to connect to wireless networks. The trouble, however, is that bad actors could be creating malicious Wi-Fi hotspots to wreak havoc on a device.

According to the researchers, if a person operates a wireless network that has a familiar name that a device may have already connected to, it’s not that difficult to cause trouble on Apple’s AAPL handsets or tablets. In fact, they claim that the hackers would need only to send the devices through a server where they would “download time and date updates.” The server would then set the iOS device’s time to January 1, 1970 and watch as the smartphone or tablet came unglued.

“The iPads that were brought within range of the test (evil) network rebooted, and began to slowly self-destruct,” Krebs said, citing work from security researchers Patrick Kelley and Matt Harrigan. “Harrigan and Kelley said this apparently creates havoc with most of the applications built into the iPad and iPhone, and that the ensuing bedlam as applications on the device compete for resources quickly overwhelms the iPad’s computer processing power. So much so that within minutes, they found their test iPad had reached 130 degrees Fahrenheit, as the date and clock settings on the affected devices inexplicably and eerily began counting backwards.”

If that sounds familiar, it’s because a similar issue was discovered in iOS earlier this year. At that time, another security researcher, Zach Straley, posted a video to YouTube, showing that if users manually change the date on their devices to January 1, 1970, their devices would be rendered useless. Apple patched that glitch in iOS 9.3. However, the researchers say that the Wi-Fi hack still affects iOS 9.3 users, as well as those running earlier versions of Apple’s operating system due to the way the time is changed on the device.

For more on iOS 9.3, watch:

Of course, Wi-Fi-based attacks are nothing new. Hackers have long used Wi-Fi access points as opportunities to hop onto a person’s computer, smartphone, or tablet, and cause trouble. This attack, though, isn’t aimed at getting information—it’s aimed solely at rendering your iOS devices useless.

That said, the researchers acknowledged that the attack is much easier to complete on an iPhone than an iPad. The issue with the iPhone, they say, is that it gets time from cell phone communications networks.

There’s also apparently some debate over whether the hack will actually brick an iPhone or iPad. Krebs notes that the researchers, who had been working with Apple before they went public with their findings, received word back from Apple that the company wasn’t able to get an iPad’s heat levels as high as they had. While the company was able to “brick” the device, Apple was able to restore it to iOS 9.3 via iTunes. Apple confirmed to Fortune on Wednesday that it did, in fact, restore the devices to iOS 9 and that the hardware’s temperature did not hit a critical level.

Regardless, at least there’s a fix: Apple squashed the bug in the iOS 9.3 update it released last month.

So, if you’re worried about someone messing with your iPhone or iPad, now might be the time to update to Apple’s latest software.

Update 1:55 p.m. to include Apple’s confirmation.

SPONSORED FINANCIAL CONTENT

You May Like