We have disclosed a vulnerability (CVE-2018-4368) to Apple that allowed us to crash iOS (and also macOS, tvOS, and watchOS) devices remotely via Wi-Fi. We demonstrate a working exploit which allows us to target a single device but also all devices in proximity in parallel. The exploit does not require any user interaction and, thus, might force a device into an indefinite boot loop. Apple has just released security updates for all of its operating systems which we recommend everyone to install.

This work was a collaboration between the Secure Mobile Networking Lab headed by Prof. Matthias Hollick from TU Darmstadt and Prof. Guevara Noubir from Northeastern University.

Video