+ Reply
Page 2 of 2 FirstFirst 12
Results 21 to 29 of 29

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Samy Is My Hero: Spots Hotspot Vulnerability

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
I don't see the big deal. I have my mom's wifi, my sister's wifi, and my home wifi all with the same SSID and password as my work wifi so
...
  1. #21
    What's Jailbreak?
    Join Date
    Sep 2007
    Posts
    19
    Thanks
    4
    Thanked 0 Times in 0 Posts

    I don't see the big deal. I have my mom's wifi, my sister's wifi, and my home wifi all with the same SSID and password as my work wifi so both my iphone and computer think it is the same network. Keeps everything simple. Although I should point out that if Apple and AT&T didn't have this stupid scheme to keep us locked to a single network we wouldn't be having this issue. I keep getting closer and closer to a new PC every day.

  2. #22
    Green Apple
    Join Date
    Jul 2009
    Location
    Kansas
    Posts
    60
    Thanks
    3
    Thanked 4 Times in 2 Posts

    I ran into this last summer. Was driving and trying to look up a place on Google maps. I was close enough to connect but far enough away it wouldn't do ****. Basically it temporarily killed my internet since the phone was trying to use wifi instead of 3G. Pissed me off that it happened since I was in a hurry.

  3. #23
    iPhone? More like MyPhone
    Join Date
    Sep 2009
    Posts
    172
    Thanks
    3
    Thanked 16 Times in 12 Posts

    He will probably administer and attack on skyhook wifi positioning system...messages he will prompt on the iPhone...not to sure! I bet they will be trivial though. Unless some holes are found in the iPhone os the device per se is safe. You are however vulnerable to a mitm attack. Hope your using encrypted connections to your email servers and such. Even then with the data being intercepted, stored, then passed on and vice versa from the server end there is still a great potential for it to be cracked. Not that ba of a security flaw...one option to maintain this AT&T autojoin crap is for AT&T to use a standard vendor with a certain amount of characters in the mac being standard... That will only help a little.... Fact of the matter is people join open wifi all the time to leech

  4. #24
    iPhone? More like MyPhone
    Join Date
    Mar 2008
    Posts
    152
    Thanks
    4
    Thanked 4 Times in 3 Posts

    So long story short ; I use wep encryption on my networks! So....
    1. Is this going to effect me?
    2. If someone uses this exploit, what can they do to my iPhone?
    3. Can someone explain a little better what exactly is taking place, or maybe give an example in terms I could better understand?

  5. #25
    Mes
    Mes is offline
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    ^If you use any encryption (WEP/WEP2/WPK/WAP) you're safe.

  6. #26
    Super Moderator Cer0's Avatar
    Join Date
    Apr 2008
    Location
    MN/WI
    Posts
    13,999
    Thanks
    388
    Thanked 1,141 Times in 891 Posts

    Basically he is saying that the iPhone is designed to auto signon to a network you have used before with the iPhone. So since the iPhone s free to use on ATT's free wifi network setup in many shops there is a small part in the phone that says, when you see a broadcast SSID of "attwifi" connect to that. So if you are in a building and someone has a router broadcasting attwifi then the phone will auto connect to that. Allowing them access to your phone.

  7. #27
    My iPhone is a Part of Me
    Join Date
    Jan 2009
    Posts
    699
    Thanks
    32
    Thanked 61 Times in 44 Posts

    Quote Originally Posted by cerote View Post
    Basically he is saying that the iPhone is designed to auto signon to a network you have used before with the iPhone. So since the iPhone s free to use on ATT's free wifi network setup in many shops there is a small part in the phone that says, when you see a broadcast SSID of "attwifi" connect to that. So if you are in a building and someone has a router broadcasting attwifi then the phone will auto connect to that. Allowing them access to your phone.
    Actually, the first part is wrong. He's saying that you have to have connected to an "attwifi" hotspot before but that it will connect to any one from then on. They are saying that it will not do that with other SSIDs because the MAC addresses don't match but that the iPhone has been programmed to ignore the MAC addresses for that specific SSID.

    That last part is misleading too. It allows them to intercept web traffic. They can spoof, say, your bank, eBay, PayPal, facebook, etc login pages to steal your passwords. They can also intercept and substitute other unprotected traffic, like Google Maps' suggestions as shown in their example. It doesn't let them directly take over your phone without a browser expliot which, if combined with the trick "Spirit" would have used, could have led to rampant exploiting.

    That said, I never realized that it took anything other than the SSID into consideration. I could swear that if I had connected to an open "linksys" access point that it would jump on any other open linksys access point I encounter until I tell the phone to forget it. I know that some WiFi utilities stupidly work this way.
    Last edited by CZroe; 04-30-2010 at 10:34 PM.

  8. #28
    Super Moderator Cer0's Avatar
    Join Date
    Apr 2008
    Location
    MN/WI
    Posts
    13,999
    Thanks
    388
    Thanked 1,141 Times in 891 Posts

    That is semi what I meant to have access to your phone. Got a migraine going on. Correct, could setup fake site of facebook and catch all those. Or catch someone that has SSH installed and not have the password changed.

  9. #29
    What's Jailbreak?
    Join Date
    Dec 2008
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    What about the Boingo app that does this for me based on two pass authentication?

+ Reply
Page 2 of 2 FirstFirst 12
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts