The humble percentage symbol (%) in a network name can permanently break an iPhone’s Wi-Fi functionality. Not even resetting network settings guarantees a fix.
A few weeks ago, security researcher Carl Schou found that by joining “a public Wi-Fi named %secretclub%power,” he had effectively broken his iPhone’s Wi-Fi functionality. Network resets couldn’t fix his issue, and he eventually had to manually edit the iPhone backup to remove mention of the Wi-Fi network.
[Stay up-to-date with the latest privacy news. Subscribe to the Blog Newsletter.]Other Wi-Fi names that have triggered the bug include “%p%s%s%s%s%n,” and “%Free %Coffee at %Starbucks.”
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled it’s WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3
— Carl Schou (@vm_call) June 18, 2021
It is not a security problem in a sense that it can leak your data or something. And definitely not a reason to panic. But still a bug no one was expecting in 2021.
Btw just checked that Starbucks one. And it works: pic.twitter.com/40wnvvQJpM
— p0fs@infosec.exchange (@pieceofsummer) June 20, 2021
As of July 4, the bug is still there.
Seriously, I still don’t have WiFi pic.twitter.com/AaF9IQBvCp
— Carl Schou (@vm_call) July 4, 2021
Why does the percentage symbol affect Wi-Fi?
While Apple hasn’t responded to the discovery of the bug, 9to5Mac offered a highly plausible theory as to why a Wi-Fi network named with a percentage sign wreaks havoc on devices:
“…the ‘%[character]’ syntax is commonly used in programming languages to format variables into an output string. In C, the ‘%n’ specifier means to save the number of characters written into the format string out to a variable passed to the string format function.
The Wi-Fi subsystem probably passes the Wi-Fi network name (SSID) unsanitized to some internal library that is performing string formatting, which in turn causes an arbitrary memory write and buffer overflow. This will lead to memory corruption and the iOS watchdog will kill the process, hence effectively disabling Wi-Fi for the user.”
In other words, ‘%[character]’ is read by your phone as a string of code, causing an arbitrary change in your phone’s memory, which iOS detects and terminates, cutting off your Wi-Fi connection.
Just an inconvenience—for now
Thankfully, the bug currently seems to be more of an obscure inconvenience than particularly malicious.
Unless a load of Wi-Fi pranksters who want to target Apple devices suddenly start giving their networks problematic names, this bug probably won’t be able to do anything more damaging like leak your data or lock you out of your phone until you pay a ransom to unlock it.
If your phone does become affected by this bug, you may be able to restore Wi-Fi functionality by going to Settings > General > Reset > Reset Network Settings. This completely resets all saved Wi-Fi networks on your device and removes any knowledge of the malicious network name from the device’s memory.
But as we mentioned above, the reset is no guarantee—until Apple fixes this bug in a future update, best avoid Wi-Fi networks with % symbols in their name.
Public Wi-Fi networks: Always a risk
It’s never a good idea to join free Wi-Fi networks anyway. They are notoriously unsecure, meaning your online activity could more easily be observed and your personal information stolen.
If you must use public Wi-Fi, turn on your VPN—your connection will be encrypted, so no one can see what you’re browsing.