Page 1 of 2 12 LastLast
Results 1 to 20 of 29

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Samy Is My Hero: Spots Hotspot Vulnerability

  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Default Samy Is My Hero: Spots Hotspot Vulnerability


    The iPhone's ability to connect to "Known Networks" over WiFi is a handy feature... I'd hate to have to manually reassociate with my own wireless network every time I came home, for example. But what if the Known Network is an Unknown Network, posing as the Known Network? A security researcher found out how easy it is to spoof an iPhone, based on a dumb exception to basic security that Apple put into the OS for its buddies at AT&T.

    Ordinarily, an iPhone is going to check the MAC address of a wireless access point in addition to the network name in order to figure out if the network is Known. This is sensible as well as convenient: MAC addresses are unique and set at the factory, while WiFi network names (properly: Service Set IDentifiers or SSIDs) can be changed much more easily than MAC addresses can be spoofed. However, as researcher Samy Kamkar discovered almost by accident, there's an exception for one and only one WiFi network name: "attwifi".

    Kamkar (probably best known for the Samy is my hero MySpace worm) explained to Elinor Mills, the CNET security blogger, how he was at a Starbucks and "noticed that the prompt was different than normal" when he disconnected. He went home and had his own laptop broadcast the "attwifi" SSID. Sure enough, his iPhone automatically connected, as did "one or two other iPhones" within range. Apparently, the iPhone OS just flat bypasses MAC address verification if the WiFi network name is found. To prove that it's possible for iPhones to be hijacked by exploiting this vulnerability, Kamkar created a program (which he will supposedly announce on his Twitter feed when it's released) that will display messages and "make other modifications" to an iPhone user's Google Maps app when they are connected to the computer running the hijack.

    Apple - in what one would have to admit is a pretty lame response - says the "iPhone performs properly as a Wi-Fi device to automatically join known networks." However, according to the spokeswoman quoted in the CNET article, if you'd rather not be a victim of a man-in-the-middle attack, you can always "select to 'Forget This Network' after using a hot spot so the iPhone doesn't join another network of the same name automatically." Of course, you have to first connect to the network before you can Forget it.

    Yeah OK. Thanks, Apple.
    Last edited by Paul Daniel Ash; 04-29-2010 at 03:57 PM.

  2. The Following 3 Users Say Thank You to Paul Daniel Ash For This Useful Post:

    Freerunnering (04-30-2010), reyg25atx (04-29-2010), rmdavis (04-29-2010)

  3. #2
    Brilliant, so glad that im in the uk and NOT on AT&T right now. Apple are brilliant at design, except when it comes to security. Maybe they should employ somebody who is... maybe it would also stop 4g iphones being left in bars...
    The gates in my computer are AND, OR and NOT; they are not Bill.

    Iphone 3G, Ultrasn0w'ed using T-Mobile UK on a G1 Contract, 800 mins, Unlimited texting and unlimited internet! <--1337

  4. #3
    i hope it isnt the same with rogerswifi
    Name? whereswaldo
    iDevice + Firmware? 32GB Black iPhone 4 iOS 5.0
    Computer + OS? Dell Inspiron 15R 2nd Gen i5, 2.3 Ghz, 750GB HDD, 8GB RAM Windows 7 HP
    Location? Toronto
    Found yet? No

  5. #4
    Great job apple

  6. #5
    Green Apple alxn91's Avatar
    Join Date
    Apr 2010
    Location
    Houston, TX
    Posts
    60
    Thanks
    4
    Thanked 4 Times in 4 Posts

    It is not at&t wifi issue but an iphone OS issue

  7. #6
    Jesus. Apple, Fix it. Now!

  8. #7
    Britney Spears of MMi Zeal's Avatar
    Join Date
    Mar 2008
    Location
    Miami, FL
    Posts
    3,664
    Thanks
    27
    Thanked 180 Times in 148 Posts

    Apple... Retards
    EDM

  9. #8
    Oh my God....

    Embarrassed for apple, scared for me...
    Check out my Wallpaper Gallery - HERE

    PM me to make a request. If you want specific images used, give links in pm.

    Once I'm jailbroken I'll start doing Wallpapers, vWallpapers, and Themes.

  10. #9
    brilliant =^6)
    killall Terminal[]

  11. #10
    I've noticed this too with every open network named 'linksys'.

  12. #11
    iPhone? More like MyPhone PlatoTheForms's Avatar
    Join Date
    Mar 2008
    Location
    New York City
    Posts
    246
    Thanks
    159
    Thanked 10 Times in 10 Posts

    lol, people are now desperate about this issue; after having used the iPhone with the same vulnerability for 3 years.

  13. #12
    So should one try this in a apartment building. Change the router to attwifi and then force block all sites so people's iPhones don't work for any site?

  14. #13
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,023
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Most WiFi networks in the US have a WPK/WPA/WPA2 security key. I assume this security door is still valid --- better be

    So ..... this vulnerability applies only if wifi security key is NOT set (open) and the SSID is attwifi.
    Last edited by Mes; 04-29-2010 at 06:40 PM.

  15. #14
    What's Jailbreak?
    Join Date
    Apr 2009
    Location
    wales UK
    Posts
    14
    Thanks
    1
    Thanked 5 Times in 2 Posts

    also the same for BT Openzone

  16. #15
    is it the same if the iphones unlocked?

  17. #16
    This pertains to the iPhones wifi access. So yes it is all iPhones.

  18. #17
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,023
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Quote Originally Posted by jadi929 View Post
    is it the same if the iphones unlocked?
    Locked/unlocked/normal/jb'en. All iPhones are effected.

  19. #18
    MMi's "X" Member awesomeSlayer's Avatar
    Join Date
    May 2008
    Location
    Dragonspiral Tower in 3DS
    Posts
    4,524
    Thanks
    114
    Thanked 347 Times in 259 Posts

    Apple...are you that serious?
    Asking for help is different from being stupid. Fanboys can rot in @#$%!

  20. #19
    well it wasn't a big deal for the past 3 yrs. I bet only a few people were aware of this vulnerability

    now that it's out in the open though...yikes. you can bet easily 1/2 of all iPhone users will never hear of this problem. and a bunch of 'tards will utilize the exploit to screw people over.


    hopefully Apple closes this loophole quickly


    edit: note to self, stay out of Starbucks

  21. #20
    Luckily, i am just using WPK or WPA2 networks
    don't connect to free ones, like starbuck ,.Mac Donalds or somewhere else.

Page 1 of 2 12 LastLast
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •