Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- Subject: Re: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
- From: "Pike, Michael (IHS/HQ)" <email@hidden>
- Date: Wed, 15 Feb 2012 16:27:07 +0000
- Thread-topic: [Fed-Talk] A serious security issue with iOS (iPad and iPhone)
There were no less than 500 devices when I scanned it. I guess that could be possible in an apple store though.
Transcribed by Siri on my iPhone 4S
On Feb 15, 2012, at 7:07 AM, "Nichols, Jared - 1170 - MITLL" <email@hidden<mailto:email@hidden>> wrote:
Back when I worked in Apple Retail (left in 2004, so this certainly could have changed by now) the WiFi access provided to the public was run off of Apple's own infrastructure, not a third party. There were dedicated data lines each for front of house (e.g. the public) operations and back of house (e.g. corporate) functions.
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
On Feb 14, 2012, at 3:45 PM, Pike, Michael (IHS/HQ) wrote:
The best $4.99 (or maybe it was $5.99) I ever spent on a network app for the iPhone..
Want to see something really fun, download iNet from the iOS app store...
Go in to your local Apple retail store and scan away... WOW....
I think (but cannot confirm) that Apple Retail uses attwifi backed access points for their public access, at least I remember seeing that when I ran the above scan.
Keep in mind when ATT helps someone set up a phone in the store, they usually connect to the local wifi in the store, thereby opening the phone to this attack...
Keep in mind MOST iPhone users are like my mom, they know "it works" and do not go into advanced settings. If Apple is in fact attwifi backed, I wonder if even connecting at the apple store will open this hole as well... I go to the apple store quite a bit and leech internet if I have a large iOS download.
Security folks have a fun job! :)
Mike
On Feb 14, 2012, at 1:16 PM, Todd Heberlein wrote:
On Feb 14, 2012, at 11:53 AM, Pike, Michael (IHS/HQ) wrote:
If you have ATT (havent tried with non ATT phones or iPads), and you have Wifi turned on, and there is an access point named "attwifi" - your phone will connect, automatically, unencrypted, without prompting...
Does this happen even if your have "Ask to Join Networks" turned on?
Do you have to join an ATT network at least once (to make it a "known network") for this to happen, or is ATT hard coded into the OS?
If you have your phone join your home/work WiFi automatically, and someone somewhere else gives their WiFi the exact same name, will your device join it without prompting you?
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden<mailto:email@hidden>)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden<mailto:email@hidden>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden