New Version of 'January 1, 1970 Bug' Can Brick Pre-iOS 9.3.1 Devices Over Compromised Wi-Fi Networks

by

Security researchers Patrick Kelley and Matt Harrigan have uncovered a new way to exploit the infamous January 1, 1970 bug that was found to be the cause of bricked iPhones in February. Despite Apple's patch of the original issue in iOS 9.3, Kelley and Harrigan discovered the way in which an iPhone constantly looks for trusted Wi-Fi networks could lend itself to the malicious bricking of a Wi-Fi enabled Apple device, without the user even knowing it was happening.

iPhone-6s-main
In a hypothetical example described by Krebs on Security, if a user confirms that a network called "attwifi" is a trusted connection, any subsequent network they come into contact with boasting the same name will connect with their iPhone. That way, when users revisit the same location frequently, they never have to fiddle with going through the Wi-Fi set-up process again. But the feature could be used to silently weaponize the 1970 bug, connecting users to similarly-named networks they've never encountered and altering the date and time stamps of their iOS devices.

In their research, Kelley and Harrigan used this feature of iPhones and iPads to build a nefarious Wi-Fi network, harnessing the requirement of iOS devices to occasionally connect to a network time protocol (NTP) server to keep date and time in sync. Once a user connected to their thought-to-be trusted network, the iPhone would reconfigure its software to update the date and time information from Kelley and Harrigan's own NTP date, which they specified as January 1, 1970.

Harrigan, president and CEO of San Diego-based security firm PacketSled, described the meltdown thusly:

“One thing we noticed was when we set the date on the iPad to 1970, the iPad display clock started counting backwards. While we were plugging in the second test iPad 15 minutes later, the first iPad said it was Dec. 15, 1968. I looked at Patrick and was like, ‘Did you mess with that thing?’ He hadn’t. It finally stopped at 1965, and by that time [the iPad] was about the temperature I like my steak served at.”

Harrigan and Kelley coordinated with Apple when they discovered their findings to avoid preempting the company's promise of a fix for the bug, and possibly encouraging its malicious use in the wild. As such, the company has fixed the issue and anyone running iOS 9.3.1 will be protected from the new iteration of the 1970 bug. Older iOS releases, including the original iOS 9.3 update, are still susceptible, however.

With the release of their research, the two security experts are understandably encouraging users to update their iPhones and iPads as soon as possible, and have created a video to better explain the issue.

Related Forum: iOS 9

Popular Stories

Apple iPhone 16e Feature

Apple Announces iPhone 16e With A18 Chip and Apple Intelligence, Pricing Starts at $599

Wednesday February 19, 2025 8:02 am PST by
Apple today introduced the iPhone 16e, its newest entry-level smartphone. The device succeeds the third-generation iPhone SE, which has now been discontinued. The iPhone 16e features a larger 6.1-inch OLED display, up from a 4.7-inch LCD on the iPhone SE. The display has a notch for Face ID, and this means that Apple no longer sells any iPhones with a Touch ID fingerprint button, marking the ...
Read Full Article660 comments
iphone 17 pro asherdipps

iPhone 17 Pro Models Rumored to Feature Aluminum Frame Instead of Titanium Frame

Tuesday February 18, 2025 12:02 pm PST by
Over the years, Apple has switched from an aluminum frame to a stainless steel frame to a titanium frame for its highest-end iPhones. And now, it has been rumored that Apple will go back to using aluminum for three out of four iPhone 17 models. In an investor note with research firm GF Securities, obtained by MacRumors this week, Apple supply chain analyst Jeff Pu said the iPhone 17, iPhone...
Read Full Article175 comments
apple launch feb 2025 alt

Here Are the New Apple Products We're Still Expecting This Spring

Thursday February 20, 2025 5:06 am PST by
Now that Apple has announced its new more affordable iPhone 16e, our thoughts turn to what else we are expecting from the company this spring. There are three product categories that we are definitely expecting to get upgraded before spring has ended. Keep reading to learn what they are. If we're lucky, Apple might make a surprise announcement about a completely new product category. M4...
Read Full Article61 comments
Generic iOS 18

Here's When Apple Will Release iOS 18.4

Wednesday February 19, 2025 11:38 am PST by
Following the launch of the iPhone 16e, Apple updated its iOS 18, iPadOS 18, and macOS Sequoia pages to give a narrower timeline on when the next updates are set to launch. All three pages now state that new Apple Intelligence features and languages will launch in early April, an update from the more broader April timeframe that Apple provided before. The next major point updates will be iOS ...
Read Full Article46 comments
apple launch feb 2025

Tim Cook Teases an 'Apple Launch' Next Wednesday

Thursday February 13, 2025 8:07 am PST by
In a social media post today, Apple CEO Tim Cook teased an upcoming "launch" of some kind scheduled for Wednesday, February 19. "Get ready to meet the newest member of the family," he said, with an #AppleLaunch hashtag. The post includes a short video with an animated Apple logo inside a circle. Cook did not provide an exact time for the launch, or share any other specific details, so...
Read Full Article286 comments
apple c1

Apple Unveils 'C1' as First Custom Cellular Modem

Wednesday February 19, 2025 8:08 am PST by
Apple today announced its first custom cellular modem with the name "C1," debuting in the all-new iPhone 16e. The new modem contributes to the iPhone 16e's power efficiency, giving it the longest battery life of any iPhone with a 6.1-inch display, such as the iPhone 15 and iPhone 16. Expanding the benefits of Apple silicon, C1 is the first modem designed by Apple and the most...
Read Full Article145 comments
Apple Northbrook

Apple Store Permanently Closing at Struggling Mall in Chicago Area

Tuesday February 18, 2025 8:46 pm PST by
Apple is permanently closing its retail store at the Northbrook Court shopping mall in the Chicago area. The company confirmed the upcoming closure today in a statement, but it has yet to provide a closing date for the location. Apple Northbrook opened in 2005, and the store moved to a larger space in the mall in 2017. Apple confirmed that affected employees will continue to work for the...
Read Full Article50 comments

Top Rated Comments

Tubamajuba Avatar
Tubamajuba
116 months ago
Apple iOS, it just works... oh wait :eek:
Dude, give it up. We get it, you hate all things Apple.
Score: 12 Votes (Like | Disagree)
braddick Avatar
braddick
116 months ago
this issue reminds me of the joke, "The patient says, "Doctor, it hurts when I do this." "Then don't do that!"
Score: 8 Votes (Like | Disagree)
KALLT Avatar
KALLT
116 months ago
Apple products like the iPad (and virtually all mass-market wireless devices) are designed to automatically connect to wireless networks they have seen before. They do this with a relatively weak level of authentication: If you connect to a network named “Hotspot” once, going forward your device may automatically connect to any open network that also happens to be called “Hotspot.”

For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.
That right there is your problem. As if automatic joining of known SSIDs was not a bad enough idea, iOS also offers no way to see, edit and remove these known SSIDs, unless you are in range. You can only reset your networking settings to clear everything, but who does that on a regular basis? I do not understand why Apple has not done anything about it. I’d wager that there are many iPhone users out there who have long lists of known SSIDs.
Score: 7 Votes (Like | Disagree)
maxsix Avatar
maxsix
116 months ago
Apple iOS, it just works... oh wait :eek:
Score: 7 Votes (Like | Disagree)
Traverse Avatar
Traverse
116 months ago
I'm still astounded at how people find these. Like old hacks in Gameboy color games: "take 3 steps left, head down until you're spotted, press start at the right time to freeze the game, go here, turn around three times = unlimited whatever"

Who figures these out! :eek:
[doublepost=1460563286][/doublepost]
Apple should just change it to where you cannot change the date on iOS, and all times are adjusted automatically through Wi-Fi or cellular through Apple's servers only.
But then my aunt couldn't cheat at Candy Crush! :p
Score: 6 Votes (Like | Disagree)
Soba Avatar
Soba
116 months ago
Should never happen if apple is using ntp - the spec and all common implementations forbid time travel (setting clock backwards). So this is purely and Apple bug, not ntp.
Very tiny nitpick: In some situations, the clock will indeed be set backwards with ntp, but it's an unusual circumstance and the change should be quite small.

However, ntp's defaults (last I knew) forbid any clock correction exceeding 1000 seconds, so this kind of massive, 40-year correction should not be possible under any circumstances. Either Apple wrote their own time sync client (why?) or changed this default in their implementation of ntp. (Again, why?)

Incorrect device clocks have major security implications for any network, so even without this bricking bug, Apple should be paying closer attention to this. Time sync should never be an afterthought.
Score: 6 Votes (Like | Disagree)
Read All Comments