A recent post on website Reddit has opened the way for a new raft of Denial of Service attacks using little more than a child's balloon!
Reddit user /u/harritaco posted recently that the medical centre where they work recently had an influx of dead iOS devices.
The Reddit user explained in a post that a new MRI machine was being installed and tested in their premises when a large number of staff members started reporting that their iOS devices had suddenly stopped working – they noted that no other devices were affected, only iOS devices from iPhone 6 and upwards (including Apple watches), no PCs, Android devices, or older iOS devices were affected.
Initially the focus of the investigation into the dead devices turned to whether an EMP (Electro-Magnetic Pulse) from the MRI machine could be the cause, but this would have affected more than just iOS devices, so the user turned to Reddit investigators to try to shed some light.
A few users mentioned that in the latest iPhone and Apple watch user guides it states that:
Charging or using iPhone in any area with a potentially explosive atmosphere, such as areas where the air contains high levels of flammable chemicals, vapours, or particles (such as grain, dust, or metal powders), may be hazardous. Exposing iPhone to environments having high concentrations of industrial chemicals, including near evaporating liquefied gasses such as helium, may damage or impair iPhone functionality. Obey all signs and instructions.
Additionally, the official iPhone user guide also states:
If your device has been affected and shows signs of not powering on, the device can typically be recovered. Leave the unit unconnected from a charging cable and let it air out for approximately one week. The helium must fully dissipate from the device, and the device battery should fully discharge in the process. After a week, plug your device directly into a power adapter and let it charge for up to one hour. Then the device can be turned on again.
The Reddit user investigated the possibility of a helium incident and found that indeed, during testing, helium had leaked from the MRI unit into the HVAC system of the hospital at approximately the same time as the first reported cases of dead iOS devices.
To validate his findings, the user has posted a video online showing a functioning iPhone in a sealable bag which is filled with helium. After 8 minutes of being in the bag, the device freezes and will not function at all and remained in this state for a few days until the battery had fully dissipated. After recharging the device, it appears to be back in full working order.
So, it looks like helium can be used for more things than just making your voice sound funny.
If anyone is thinking of hosting a birthday party at work with some nice helium-filled balloons, you might be stopped at the security gate and be told to leave the balloons at the door from now on.
QA deliver hundreds of cyber security courses from basic cyber hygiene advice, to more advanced courses covering incident response and penetration testing. See our website for more details - cyber.qa.com
After leaving a career as a Mechanical and Electrical Engineer in 1998, Mark started out with a fresh career as an IT trainer. Spending the first few years as an applications trainer, Mark excelled in delivering Microsoft Office and Adobe products. In-line with his background as an Engineer, Mark soon shifted focus to more technical deliveries, including hardware and networking topics; a field he has remained in ever since. As a natural progression of his career saw Mark start to explore the security aspect of his existing competencies and since 2005 has specialised in the Cyber Security domain. Mark has been the author of a number of QA Cyber Security courses and was the design authority and author of the 2017 NCSC Cyber First Academy. Mark is a C|EH and is currently undergoing the process of becoming an NCSC Certified Cyber Professional.
More articles by Mark
Mac attack! Apple malware on the rise
How random is random?
Sometimes an attack might be right in front of your eyes!
Who you gonna call?
Safer Internet Day 2019
The Invisible Attack