  • Samy Is My Hero: Spots Hotspot Vulnerability

    The iPhone's ability to connect to "Known Networks" over WiFi is a handy feature... I'd hate to have to manually reassociate with my own wireless network every time I came home, for example. But what if the Known Network is an Unknown Network, posing as the Known Network? A security researcher found out how easy it is to spoof an iPhone, based on a dumb exception to basic security that Apple put into the OS for its buddies at AT&T.

    Ordinarily, an iPhone is going to check the MAC address of a wireless access point in addition to the network name in order to figure out if the network is Known. This is sensible as well as convenient: MAC addresses are unique and set at the factory, while WiFi network names (properly: Service Set IDentifiers or SSIDs) can be changed much more easily than MAC addresses can be spoofed. However, as researcher Samy Kamkar discovered almost by accident, there's an exception for one and only one WiFi network name: "attwifi".

    Kamkar (probably best known for the "Samy is my hero" MySpace worm) explained to Elinor Mills, the CNET security blogger, how he was at a Starbucks and "noticed that the prompt was different than normal" when he disconnected. He went home and had his own laptop broadcast the "attwifi" SSID. Sure enough, his iPhone automatically connected, as did "one or two other iPhones" within range. Apparently, the iPhone OS simply bypasses MAC address verification whenever the WiFi network name matches. To prove that it's possible for iPhones to be hijacked by exploiting this vulnerability, Kamkar created a program (which he will supposedly announce on his Twitter feed when it's released) that displays messages and "make[s] other modifications" to an iPhone user's Google Maps app while the phone is connected to the computer running the hijack.

    Apple - in what one would have to admit is a pretty lame response - says the "iPhone performs properly as a Wi-Fi device to automatically join known networks." However, according to the spokeswoman quoted in the CNET article, if you'd rather not be a victim of a man-in-the-middle attack, you can always "select to 'Forget This Network' after using a hot spot so the iPhone doesn't join another network of the same name automatically." Of course, you have to first connect to the network before you can Forget it.
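    The check described above, modelled as an added example (this is illustrative code written for this page, not Apple's implementation and not from the original post): a Known Networks list that remembers the SSID together with the access point's MAC address, a strict rule that requires both to match, the name-only exception the article reports for "attwifi", and the "Forget This Network" action Apple recommends. The network names and MAC addresses are constructed sample data.

```python
"""Model of a 'known network' auto-join check with and without a name-only
exception.  Illustrative code added for this page; not Apple's implementation."""

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Beacon:
    """One observed access point: network name plus the AP's MAC address."""
    ssid: str
    bssid: str


@dataclass
class KnownNetworks:
    # ssid -> set of AP MAC addresses the device has previously joined
    entries: Dict[str, Set[str]] = field(default_factory=dict)
    # SSIDs matched on name alone; "attwifi" is the one the article reports
    name_only_exceptions: FrozenSet[str] = frozenset()

    def remember(self, beacon: Beacon) -> None:
        """Record a successful association (name and AP MAC)."""
        self.entries.setdefault(beacon.ssid, set()).add(beacon.bssid.lower())

    def forget(self, ssid: str) -> None:
        """The 'Forget This Network' action quoted from Apple."""
        self.entries.pop(ssid, None)

    def is_known_strict(self, beacon: Beacon) -> bool:
        """Sensible rule: remembered SSID AND a remembered AP MAC for it."""
        return beacon.bssid.lower() in self.entries.get(beacon.ssid, set())

    def is_known_weak(self, beacon: Beacon) -> bool:
        """Rule with the exception: excepted SSIDs match on name alone."""
        if beacon.ssid not in self.entries:
            return False
        if beacon.ssid in self.name_only_exceptions:
            return True  # the AP MAC is never consulted
        return self.is_known_strict(beacon)


def spoof_candidates(known: KnownNetworks, observed: List[Beacon]) -> List[Beacon]:
    """Beacons the weak rule would auto-join but the strict rule rejects:
    a remembered name being advertised by an unfamiliar access point."""
    return [b for b in observed
            if known.is_known_weak(b) and not known.is_known_strict(b)]


# Constructed sample data (made up for this example).
HOME = Beacon("HomeNet", "00:11:22:33:44:55")
HOTSPOT = Beacon("attwifi", "aa:bb:cc:dd:ee:01")
OBSERVED = [
    HOME,
    Beacon("HomeNet", "66:77:88:99:aa:bb"),     # same name, unfamiliar AP
    Beacon("attwifi", "de:ad:be:ef:00:01"),     # same name, unfamiliar AP
    Beacon("CoffeeShop", "12:34:56:78:9a:bc"),  # never remembered
]


def build_known() -> KnownNetworks:
    """A device that has joined its home network and one attwifi hotspot."""
    known = KnownNetworks(name_only_exceptions=frozenset({"attwifi"}))
    known.remember(HOME)
    known.remember(HOTSPOT)
    return known


if __name__ == "__main__":
    known = build_known()
    for b in spoof_candidates(known, OBSERVED):
        print(f"auto-join on name alone: {b.ssid} via {b.bssid}")
    known.forget("attwifi")
    print("after forget:", spoof_candidates(known, OBSERVED))
```

    Only the "attwifi" beacon from the unfamiliar access point is flagged: the second "HomeNet" beacon fails both rules because that SSID has no exception, and forgetting "attwifi" removes the flagged case, which is exactly why Apple's advice works (and why it only helps after the first connection).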

    Yeah OK. Thanks, Apple.
    This article was originally published in forum thread: Samy Is My Hero: Spots Hotspot Vulnerability, started by Paul Daniel Ash.
    28 Comments
    computid -
      Brilliant, so glad that I'm in the UK and NOT on AT&T right now. Apple are brilliant at design, except when it comes to security. Maybe they should employ somebody who is... maybe it would also stop 4G iPhones being left in bars...
    whereswaldo -
      I hope it isn't the same with rogerswifi
    Zamphire -
      Great job, Apple
    alxn91 -
      It is not an AT&T wifi issue but an iPhone OS issue
    extremzocker -
      Jesus. Apple, fix it. Now!
    Zeal -
      Apple... Retards
    FuseUnison -
      Oh my God....

      Embarrassed for Apple, scared for me...
    rhekt -
      brilliant =^6)
    Amadomon -
      I've noticed this too with every open network named 'linksys'.
    PlatoTheForms -
      lol, people are now desperate about this issue, after having used the iPhone with the same vulnerability for 3 years.
    Cer0 -
      So should one try this in an apartment building? Change the router to attwifi and then force block all sites so people's iPhones don't work for any site?
    Mes -
      Most WiFi networks in the US have a WPK/WPA/WPA2 security key. I assume this security door is still valid --- better be.

      So..... this vulnerability applies only if the wifi security key is NOT set (open) and the SSID is attwifi.
    mar01006765 -
      Also the same for BT Openzone
    jadi929 -
      Is it the same if the iPhone's unlocked?
    Cer0 -
      This pertains to the iPhone's wifi access. So yes, it is all iPhones.
    Mes -
      Quote Originally Posted by jadi929:
        Is it the same if the iPhone's unlocked?
      Locked/unlocked/normal/jb'en. All iPhones are affected.
    awesomeSlayer -
      Apple... are you that serious?
    Tylus -
      Well, it wasn't a big deal for the past 3 yrs. I bet only a few people were aware of this vulnerability.

      Now that it's out in the open though... yikes. You can bet easily 1/2 of all iPhone users will never hear of this problem, and a bunch of 'tards will utilize the exploit to screw people over.

      Hopefully Apple closes this loophole quickly.

      edit: note to self, stay out of Starbucks
    ModJoe -
      Luckily, I am just using WPK or WPA2 networks;
      don't connect to free ones, like Starbucks, McDonald's or somewhere else.
    travelbytommy -
      I don't see the big deal. I have my mom's wifi, my sister's wifi, and my home wifi all with the same SSID and password as my work wifi, so both my iPhone and computer think it is the same network. Keeps everything simple. Although I should point out that if Apple and AT&T didn't have this stupid scheme to keep us locked to a single network, we wouldn't be having this issue. I keep getting closer and closer to a new PC every day.