Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- Subject: Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- From: "Pike, Michael (IHS/HQ)" <email@hidden>
- Date: Tue, 14 Feb 2012 20:45:53 +0000
- Thread-topic: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
The best $4.99 (or maybe it was $5.99) I ever spent on a network app for the iPhone..
Want to see something really fun, download iNet from the iOS app store...
Go in to your local Apple retail store and scan away... WOW....
I think (but cannot confirm) that Apple Retail uses attwifi-backed access points for their public access, at least I remember seeing that when I ran the above scan.
Keep in mind when ATT helps someone set up a phone in the store, they usually connect to the local wifi in the store, thereby opening the phone to this attack...
Keep in mind MOST iPhone users are like my mom, they know "it works" and do not go into advanced settings. If Apple is in fact attwifi-backed, I wonder if even connecting at the Apple store will open this hole as well... I go to the Apple store quite a bit and leech internet if I have a large iOS download.
Security folks have a fun job! :)
Mike
On Feb 14, 2012, at 1:16 PM, Todd Heberlein wrote:
>
> On Feb 14, 2012, at 11:53 AM, Pike, Michael (IHS/HQ) wrote:
>
>> If you have ATT (haven't tried with non-ATT phones or iPads), and you have Wifi turned on, and there is an access point named "attwifi" - your phone will connect, automatically, unencrypted, without prompting...
>
> Does this happen even if you have "Ask to Join Networks" turned on?
>
> Do you have to join an ATT network at least once (to make it a "known network") for this to happen, or is ATT hard coded into the OS?
>
> If you have your phone join your home/work WiFi automatically, and someone somewhere else gives their WiFi the exact same name, will your device join it without prompting you?
>
> Todd
>