Just a few weeks after a similar issue was recognized, a security researcher has discovered that connecting an iPhone to Wi-Fi networks with a certain specific SSID name can disable the device’s Wi-Fi support—and fixing the problem is not easy.
A couple of weeks ago, Secret Club founder Carl Schou discovered that if an iPhone connected to a network with the SSID name “%p%s%s%s%s%n”, a bug within iOS’ networking stack would disable the phone’s Wi-Fi and networking features. The effect was initially thought to be permanent, however, it can be fixed by resetting the iPhone’s network settings.
Now, Schou has also revealed the same problem which is even worse than the previous discovery. He states that just coming into a range of public Wi-Fi networks SSID named “%secretclub%power” can result in the same issues as the previous one, and the problems may last even after the network settings have been reset.
— Carl Schou (@vm_call) July 4, 2021
A hard factory reset might be the only solution. Some users also say (via PCMag) restoring a device using iTunes might prove helpful. One Twitter user writes that manually removing the Wi-Fi network names from “com. apple. Wi-Fi.known-networks.plist” before a device is restored can also fix the issue.
Why do these names bork an iPhone’s Wi-Fi? According to 9To5Mac:
The ‘%[character]’ syntax is commonly used in programming languages to format variables into an output string. In C, the ‘%n’ specifier means to save the number of characters written into the format string out to a variable passed to the string format function. The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.
Expect more problematic SSID names with the ‘%s’, ‘%p’ and ‘%n’ character sequences to be revealed before Apple gives a fix.