[Fed-Talk] A serious security issue with iOS (iPad and iPhone)
[Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- Subject: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- From: "Pike, Michael (IHS/HQ)" <email@hidden>
- Date: Tue, 14 Feb 2012 19:53:05 +0000
- Thread-topic: A serious security issue with iOS (iPad and iPhone)
So... we tried an experiment, and I couldn't believe the results, and this is something Apple (and ATT probably) need to address.
If you have ATT (havent tried with non ATT phones or iPads), and you have Wifi turned on, and there is an access point named "attwifi" - your phone will connect, automatically, unencrypted, without prompting...
We tried it at the office and got about 10 phones connected instantly, and subsequently where able to log all traffic, the users didnt even know.
For giggles I went to the mall, did the same thing, I had over 60 iOS devices within 5 minutes, and captured all of their traffic.. granted a lot of it was encrypted (iCloud emails queries, iMessage, etc)... but I could read everyone's facebook and twitter posts with absolutely no effort.
If there is truth to the SSL "man in the middle" attacks, it would be possible to grab the encrypted info as well...
None of these people even knew they were on a non attwifi...
There needs to be some type of verification on the iOS device other than an SSID which can be set by anyone.
Thoughts?
Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden