Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- Subject: Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- From: David Mueller <email@hidden>
- Date: Wed, 15 Feb 2012 07:56:23 -0800
- Thread-topic: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
Not directly related to Jared's post, but simply the one I had in this
thread to reply to.
One way to reduce your risk to this issue is to turn off wifi when you
aren't specifically using it. This would prevent your phone from associating
itself from a wifi network without your realizing it, instead staying on the
cellular network.
- David
On 2/15/12 6:07 AM, "Nichols, Jared - 1170 - MITLL"
<email@hidden> wrote:
> Back when I worked in Apple Retail (left in 2004, so this certainly could have
> changed by now) the WiFi access provided to the public was run off of Apple's
> own infrastructure, not a third party. There were dedicated data lines each
> for front of house (e.g. the public) operations and back of house (e.g.
> corporate) functions.
>
> j
> ---
> Jared F. Nichols
> Desktop Engineer, Client Services
> Information Services Department
> MIT Lincoln Laboratory
> 244 Wood Street
> Lexington, Massachusetts 02420
> 781.981.5436
>
> On Feb 14, 2012, at 3:45 PM, Pike, Michael (IHS/HQ) wrote:
>
>> The best $4.99 (or maybe it was $5.99) I ever spent on a network app for the
>> iPhone..
>>
>> Want to see something really fun, download iNet from the iOS app store...
>>
>> Go in to your local Apple retail store and scan away... WOW....
>>
>> I think (but cannot confirm) that Apple Retail uses attwifi backed access
>> points for their public access, at least I remember seeing that when I ran
>> the above scan.
>>
>> Keep in mind when ATT helps someone set up a phone in the store, they usually
>> connect to the local wifi in the store, thereby opening the phone to this
>> attack...
>>
>> Keep in mind MOST iPhone users are like my mom, they know "it works" and do
>> not go into advanced settings. If Apple is in fact attwifi backed, I wonder
>> if even connecting at the apple store will open this hole as well... I go to
>> the apple store quite a bit and leech internet if I have a large iOS
>> download.
>>
>> Security folks have a fun job! :)
>>
>> Mike
>>
>> On Feb 14, 2012, at 1:16 PM, Todd Heberlein wrote:
>>
>>>
>>> On Feb 14, 2012, at 11:53 AM, Pike, Michael (IHS/HQ) wrote:
>>>
>>>> If you have ATT (havent tried with non ATT phones or iPads), and you have
>>>> Wifi turned on, and there is an access point named "attwifi" - your phone
>>>> will connect, automatically, unencrypted, without prompting...
>>>
>>> Does this happen even if your have "Ask to Join Networks" turned on?
>>>
>>> Do you have to join an ATT network at least once (to make it a "known
>>> network") for this to happen, or is ATT hard coded into the OS?
>>>
>>> If you have your phone join your home/work WiFi automatically, and someone
>>> somewhere else gives their WiFi the exact same name, will your device join
>>> it without prompting you?
>>>
>>> Todd
>>>
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden