Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
04-29-2010, 03:53 PM #1
Samy Is My Hero: Spots Hotspot Vulnerability
The iPhone's ability to connect to "Known Networks" over WiFi is a handy feature... I'd hate to have to manually reassociate with my own wireless network every time I came home, for example. But what if the Known Network is an Unknown Network, posing as the Known Network? A security researcher found out how easy it is to spoof an iPhone, based on a dumb exception to basic security that Apple put into the OS for its buddies at AT&T.
Ordinarily, an iPhone is going to check the MAC address of a wireless access point in addition to the network name in order to figure out if the network is Known. This is sensible as well as convenient: MAC addresses are unique and set at the factory, while WiFi network names (properly: Service Set IDentifiers or SSIDs) can be changed much more easily than MAC addresses can be spoofed. However, as researcher Samy Kamkar discovered almost by accident, there's an exception for one and only one WiFi network name: "attwifi".
Kamkar (probably best known for the Samy is my hero MySpace worm) explained to Elinor Mills, the CNET security blogger, how he was at a Starbucks and "noticed that the prompt was different than normal" when he disconnected. He went home and had his own laptop broadcast the "attwifi" SSID. Sure enough, his iPhone automatically connected, as did "one or two other iPhones" within range. Apparently, the iPhone OS just flat bypasses MAC address verification if the WiFi network name is found. To prove that it's possible for iPhones to be hijacked by exploiting this vulnerability, Kamkar created a program (which he will supposedly announce on his Twitter feed when it's released) that will display messages and "make other modifications" to an iPhone user's Google Maps app when they are connected to the computer running the hijack.
Apple - in what one would have to admit is a pretty lame response - says the "iPhone performs properly as a Wi-Fi device to automatically join known networks." However, according to the spokeswoman quoted in the CNET article, if you'd rather not be a victim of a man-in-the-middle attack, you can always "select to 'Forget This Network' after using a hot spot so the iPhone doesn't join another network of the same name automatically." Of course, you have to first connect to the network before you can Forget it.
Yeah OK. Thanks, Apple.
Last edited by Paul Daniel Ash; 04-29-2010 at 03:57 PM.
04-29-2010, 03:58 PM #2
Brilliant, so glad that im in the uk and NOT on AT&T right now. Apple are brilliant at design, except when it comes to security. Maybe they should employ somebody who is... maybe it would also stop 4g iphones being left in bars...The gates in my computer are AND, OR and NOT; they are not Bill.
Iphone 3G, Ultrasn0w'ed using T-Mobile UK on a G1 Contract, 800 mins, Unlimited texting and unlimited internet! <--1337
04-29-2010, 04:02 PM #3
i hope it isnt the same with rogerswifiName? whereswaldo
iDevice + Firmware? 32GB Black iPhone 4 iOS 5.0
Computer + OS? Dell Inspiron 15R 2nd Gen i5, 2.3 Ghz, 750GB HDD, 8GB RAM Windows 7 HP
Found yet? No
04-29-2010, 04:08 PM #4
Great job apple
04-29-2010, 04:29 PM #5
It is not at&t wifi issue but an iphone OS issue
04-29-2010, 04:31 PM #6
Jesus. Apple, Fix it. Now!
04-29-2010, 04:41 PM #7
04-29-2010, 04:43 PM #8
Oh my God....
Embarrassed for apple, scared for me...Check out my Wallpaper Gallery - HERE
PM me to make a request. If you want specific images used, give links in pm.
Once I'm jailbroken I'll start doing Wallpapers, vWallpapers, and Themes.
04-29-2010, 04:48 PM #9
brilliant =^6)killall Terminal
04-29-2010, 04:55 PM #10
I've noticed this too with every open network named 'linksys'.
04-29-2010, 05:39 PM #11
lol, people are now desperate about this issue; after having used the iPhone with the same vulnerability for 3 years.
04-29-2010, 05:56 PM #12
So should one try this in a apartment building. Change the router to attwifi and then force block all sites so people's iPhones don't work for any site?
04-29-2010, 06:38 PM #13
Most WiFi networks in the US have a WPK/WPA/WPA2 security key. I assume this security door is still valid --- better be
So ..... this vulnerability applies only if wifi security key is NOT set (open) and the SSID is attwifi.
Last edited by Mes; 04-29-2010 at 06:40 PM.
04-29-2010, 06:39 PM #14
also the same for BT Openzone
04-29-2010, 06:47 PM #15
is it the same if the iphones unlocked?
04-29-2010, 07:13 PM #16
This pertains to the iPhones wifi access. So yes it is all iPhones.
04-29-2010, 07:37 PM #17
04-29-2010, 07:57 PM #18
Apple...are you that serious?
Asking for help is different from being stupid. Fanboys can rot in @#$%!
04-30-2010, 01:59 AM #19
well it wasn't a big deal for the past 3 yrs. I bet only a few people were aware of this vulnerability
now that it's out in the open though...yikes. you can bet easily 1/2 of all iPhone users will never hear of this problem. and a bunch of 'tards will utilize the exploit to screw people over.
hopefully Apple closes this loophole quickly
edit: note to self, stay out of Starbucks
04-30-2010, 03:10 AM #20
Luckily, i am just using WPK or WPA2 networks
don't connect to free ones, like starbuck ,.Mac Donalds or somewhere else.