Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- Subject: Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- From: Jeffrey Walton <email@hidden>
- Date: Tue, 14 Feb 2012 15:12:23 -0500
On Tue, Feb 14, 2012 at 2:53 PM, Pike, Michael (IHS/HQ)
<email@hidden> wrote:
> So... we tried an experiment, and I couldn't believe the results, and this is something Apple (and ATT probably) need to address.
>
> If you have ATT (havent tried with non ATT phones or iPads), and you have Wifi turned on, and there is an access point named "attwifi" - your phone will connect, automatically, unencrypted, without prompting...
>
> We tried it at the office and got about 10 phones connected instantly, and subsequently where able to log all traffic, the users didnt even know.
>
> For giggles I went to the mall, did the same thing, I had over 60 iOS devices within 5 minutes, and captured all of their traffic.. granted a lot of it was encrypted (iCloud emails queries, iMessage, etc)... but I could read everyone's facebook and twitter posts with absolutely no effort.
>
> If there is truth to the SSL "man in the middle" attacks, it would be possible to grab the encrypted info as well...
>
> None of these people even knew they were on a non attwifi...
>
> There needs to be some type of verification on the iOS device other than an SSID which can be set by anyone.
http://news.cnet.com/8301-27080_3-20003455-245.html
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden