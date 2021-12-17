We have seen many strange things in the world of mobile phones and one of them, surely, was that of Wi-Fi networks that, if they had a certain name in their SSID, they could completely block our terminal. Today’s is a peculiar threat that, according to a group of researchers, affects iPhones and some Tesla vehicles, which would be sensitive to this exploit.

The point is that, at the moment, there is no certainty that this error has been exploited but it is there, and it has to do with the possibility of changing the name of our devices, or vehicles, for a specific one that he is capable of unleashing a storm of security problems that would be able to connect him with remote servers. On top of that, to make things better, those same researchers qualify their discovery as “extremely serious.”

What’s the problem?

The threat they found has the name of Log4Shell and is activated when the name of our device is changed (or car) to a specific one that is capable of activating a ping that activates communication with Apple and Tesla servers. As they explain, “After the name was changed, inbound traffic showed URL requests from IP addresses belonging to Apple and, in the case of Tesla, China Unicom, the company’s mobile services partner for the Chinese market. “.

Image of the new iPhone threat. Cas van Cooten (Twitter)

That is, those responsible for the discovery were able to trick official servers so that the device will point to another URL of your choice. It goes without saying that such a vulnerability, in the hands of the wrong experts, could jeopardize the integrity and security of the devices. At the end of the day, that destination website could be a fake site in which to host some type of malware or any other type of threat.

It is clear that such a problem could pose a serious problem for users but unlike other times, there is no evidence that any group has taken advantage of it in the past, and even that in the future they can do it in a way as effective as that demonstrated by the research team itself. After all, a practically complete level of access to the terminal is needed to convince ourselves to change the name of the iPhone, or the car, to a complex string of characters. But just in case, it is best to be warned.