Denial of Service attack for iOS devices

A recent post on website Reddit has opened the way for a new raft of Denial of Service attacks using little more than a child's balloon!

Reddit user /u/harritaco posted recently that the medical center where they work recently had an influx of dead iOS devices.

The Reddit user explained in a post that a new MRI machine was being installed and tested in their premises when a large number of staff members started reporting that their iOS devices had suddenly stopped working – they noted that no other devices were affected, only iOS devices from iPhone 6 and upwards (including Apple watches), no PCs, Android devices, or older iOS devices were affected.

Initially the focus of the investigation into the dead devices turned to whether an EMP (Electro-Magnetic Pulse) from the MRI machine could be the cause, but this would have affected more than just iOS devices, so the user turned to Reddit investigators to try to shed some light.

A few users mentioned that in the latest iPhone and Apple watch user guides it states that:

Charging or using iPhone in any area with a potentially explosive atmosphere, such as areas where the air contains high levels of flammable chemicals, vapors, or particles (such as grain, dust, or metal powders), may be hazardous. Exposing iPhone to environments having high concentrations of industrial chemicals, including near evaporating liquefied gasses such as helium, may damage or impair iPhone functionality. Obey all signs and instructions.

Additionally, the official iPhone user guide also states:

If your device has been affected and shows signs of not powering on, the device can typically be recovered. Leave the unit unconnected from a charging cable and let it air out for approximately one week. The helium must fully dissipate from the device, and the device battery should fully discharge in the process. After a week, plug your device directly into a power adapter and let it charge for up to one hour. Then the device can be turned on again.

The Reddit user investigated the possibility of a helium incident and found that indeed, during testing, helium had leaked from the MRI unit into the HVAC system of the hospital at approximately the same time as the first reported cases of dead iOS devices.

To validate his findings, the user has posted a video online showing a functioning iPhone in a sealable bag which is filled with helium. After 8 minutes of being in the bag, the device freezes and will not function at all and remained in this state for a few days until the battery had fully dissipated. After recharging the device, it appears to be back in full working order.

So, it looks like helium can be used for more things than just making your voice sound funny.

If anyone is thinking of hosting a birthday party at work with some nice helium-filled balloons, you might be stopped at the security gate and be told to leave the balloons at the door from now on.

QA deliver hundreds of cyber security courses from basic cyber hygiene advice, to more advanced courses covering incident response and penetration testing. See our website for more details - cyber.qa.com