Thread: Samy Is My Hero: Spots Hotspot Vulnerability

  1. #1
    MMi Staff Writer Paul Daniel Ash's Avatar
    Join Date
    Aug 2009
    Location
    Union Square, Somerville, Mass.
    Posts
    919
    Thanks
    6
    Thanked 995 Times in 401 Posts

    Samy Is My Hero: Spots Hotspot Vulnerability


    The iPhone's ability to connect to "Known Networks" over WiFi is a handy feature... I'd hate to have to manually reassociate with my own wireless network every time I came home, for example. But what if the Known Network is an Unknown Network, posing as the Known Network? A security researcher found out how easy it is to spoof an iPhone, based on a dumb exception to basic security that Apple put into the OS for its buddies at AT&T.

    Ordinarily, an iPhone is going to check the MAC address of a wireless access point in addition to the network name in order to figure out if the network is Known. This is sensible as well as convenient: MAC addresses are unique and set at the factory, while WiFi network names (properly: Service Set IDentifiers or SSIDs) can be changed much more easily than MAC addresses can be spoofed. However, as researcher Samy Kamkar discovered almost by accident, there's an exception for one and only one WiFi network name: "attwifi".

    Kamkar (probably best known for the Samy is my hero MySpace worm) explained to Elinor Mills, the CNET security blogger, how he was at a Starbucks and "noticed that the prompt was different than normal" when he disconnected. He went home and had his own laptop broadcast the "attwifi" SSID. Sure enough, his iPhone automatically connected, as did "one or two other iPhones" within range. Apparently, the iPhone OS just flat bypasses MAC address verification if the WiFi network name is found. To prove that it's possible for iPhones to be hijacked by exploiting this vulnerability, Kamkar created a program (which he will supposedly announce on his Twitter feed when it's released) that will display messages and "make other modifications" to an iPhone user's Google Maps app when they are connected to the computer running the hijack.

    Apple - in what one would have to admit is a pretty lame response - says the "iPhone performs properly as a Wi-Fi device to automatically join known networks." However, according to the spokeswoman quoted in the CNET article, if you'd rather not be a victim of a man-in-the-middle attack, you can always "select to 'Forget This Network' after using a hot spot so the iPhone doesn't join another network of the same name automatically." Of course, you have to first connect to the network before you can Forget it.

    Yeah OK. Thanks, Apple.
    Last edited by Paul Daniel Ash; 04-29-2010 at 02:57 PM.

  2. The Following 3 Users Say Thank You to Paul Daniel Ash For This Useful Post:

    Freerunnering (04-30-2010), reyg25atx (04-29-2010), rmdavis (04-29-2010)
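
A model of the auto-join decision as post #1 describes it, with an audit a defender could run over saved networks and a WiFi scan. This is an added example, not code from the post, from Apple, or from Kamkar's program; the class and function names, the security-type comparison, and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SavedNetwork:
    ssid: str
    security: str            # "open", "wpa2", ...
    known_bssids: frozenset  # lowercase AP MAC addresses recorded at join time

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str

# Assumption: the single name-only exception the post describes.
NAME_ONLY_SSIDS = frozenset({"attwifi"})

def would_auto_join(saved, beacon, name_only=NAME_ONLY_SSIDS):
    """Join decision per the post: SSID plus AP MAC, except for name-only SSIDs."""
    if saved.ssid != beacon.ssid or saved.security != beacon.security:
        return False  # the security-type comparison is an assumption of this model
    if beacon.ssid in name_only:
        return True   # MAC check skipped for the excepted name
    return beacon.bssid.lower() in saved.known_bssids

def unexpected_joins(saved_networks, beacons, name_only=NAME_ONLY_SSIDS):
    """Beacons the device would join although their AP MAC was never seen before."""
    by_ssid = {s.ssid: s for s in saved_networks}
    return [(b.ssid, b.bssid) for b in beacons
            if (s := by_ssid.get(b.ssid)) and b.bssid.lower() not in s.known_bssids
            and would_auto_join(s, b, name_only)]

def forget_candidates(saved_networks, name_only=NAME_ONLY_SSIDS):
    """Saved open networks matched by name alone: candidates for 'Forget This Network'."""
    return sorted(s.ssid for s in saved_networks
                  if s.security == "open" and s.ssid in name_only)

# Constructed sample data; the MAC addresses are made up.
SAVED = [
    SavedNetwork("attwifi", "open", frozenset({"02:00:00:aa:bb:01"})),
    SavedNetwork("HomeNet", "wpa2", frozenset({"02:00:00:aa:bb:02"})),
]
SCAN = [
    Beacon("attwifi", "02:00:00:aa:bb:01", "open"),  # the hotspot joined earlier
    Beacon("attwifi", "02:00:00:cc:dd:99", "open"),  # same name, unseen AP
    Beacon("HomeNet", "02:00:00:cc:dd:98", "wpa2"),  # same name, unseen AP
]

if __name__ == "__main__":
    print(unexpected_joins(SAVED, SCAN), forget_candidates(SAVED))
```

Only the unseen "attwifi" access point is reported; the unseen "HomeNet" access point is rejected by the MAC check, and passing an empty `name_only` set removes the finding entirely.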

  3. #2
    Green Apple computid's Avatar
    Join Date
    Dec 2008
    Location
    England
    Posts
    53
    Thanks
    1
    Thanked 3 Times in 3 Posts

    Brilliant, so glad that I'm in the UK and NOT on AT&T right now. Apple are brilliant at design, except when it comes to security. Maybe they should employ somebody who is... maybe it would also stop 4G iPhones being left in bars...
    The gates in my computer are AND, OR and NOT; they are not Bill.

    Iphone 3G, Ultrasn0w'ed using T-Mobile UK on a G1 Contract, 800 mins, Unlimited texting and unlimited internet! <--1337

  4. #3
    Go Giants whereswaldo's Avatar
    Join Date
    Jul 2009
    Location
    Toronto
    Posts
    4,382
    Thanks
    187
    Thanked 359 Times in 257 Posts

    I hope it isn't the same with rogerswifi
    Name? whereswaldo
    iDevice + Firmware? 32GB Black iPhone 4 iOS 5.0
    Computer + OS? Dell Inspiron 15R 2nd Gen i5, 2.3 Ghz, 750GB HDD, 8GB RAM Windows 7 HP
    Location? Toronto
    Found yet? No

  5. #4
    iPhone? More like MyPhone
    Join Date
    Jan 2008
    Posts
    139
    Thanks
    1
    Thanked 31 Times in 14 Posts

    Great job apple

  6. #5
    Green Apple alxn91's Avatar
    Join Date
    Apr 2010
    Location
    Houston, TX
    Posts
    60
    Thanks
    4
    Thanked 4 Times in 4 Posts

    It is not an AT&T WiFi issue but an iPhone OS issue

  7. #6
    iPhoneaholic extremzocker's Avatar
    Join Date
    May 2009
    Location
    London, UK
    Posts
    436
    Thanks
    14
    Thanked 15 Times in 14 Posts

    Jesus. Apple, Fix it. Now!

  8. #7
    Britney Spears of MMi Zeal's Avatar
    Join Date
    Mar 2008
    Location
    Miami, FL
    Posts
    3,664
    Thanks
    27
    Thanked 180 Times in 148 Posts

    Apple... Retards
    EDM

  9. #8
    Green Apple FuseUnison's Avatar
    Join Date
    Apr 2010
    Location
    ...wandering
    Posts
    77
    Thanks
    13
    Thanked 10 Times in 7 Posts

    Oh my God....

    Embarrassed for apple, scared for me...
    Check out my Wallpaper Gallery - HERE

    PM me to make a request. If you want specific images used, give links in pm.

    Once I'm jailbroken I'll start doing Wallpapers, vWallpapers, and Themes.

  10. #9
    Livin the iPhone Life rhekt's Avatar
    Join Date
    Jun 2009
    Posts
    1,294
    Thanks
    43
    Thanked 65 Times in 53 Posts

    brilliant =^6)
    killall Terminal[]

  11. #10
    iPhoneaholic Amadomon's Avatar
    Join Date
    Mar 2008
    Posts
    417
    Thanks
    9
    Thanked 38 Times in 34 Posts

    I've noticed this too with every open network named 'linksys'.

  12. #11
    iPhone? More like MyPhone PlatoTheForms's Avatar
    Join Date
    Mar 2008
    Location
    New York City
    Posts
    246
    Thanks
    159
    Thanked 10 Times in 10 Posts

    lol, people are now desperate about this issue; after having used the iPhone with the same vulnerability for 3 years.

  13. #12
    Super Moderator Cer0's Avatar
    Join Date
    Apr 2008
    Location
    MN/WI
    Posts
    13,984
    Thanks
    388
    Thanked 1,138 Times in 888 Posts

    So should one try this in an apartment building? Change the router to attwifi and then force block all sites so people's iPhones don't work for any site?

  14. #13
    Mes
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Most WiFi networks in the US have a WPK/WPA/WPA2 security key. I assume this security door is still valid --- better be

    So ..... this vulnerability applies only if wifi security key is NOT set (open) and the SSID is attwifi.
    Last edited by Mes; 04-29-2010 at 05:40 PM.

  15. #14
    What's Jailbreak?
    Join Date
    Apr 2009
    Location
    wales UK
    Posts
    14
    Thanks
    1
    Thanked 5 Times in 2 Posts

    also the same for BT Openzone

  16. #15
    Green Apple
    Join Date
    Nov 2008
    Posts
    34
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Is it the same if the iPhone's unlocked?

  17. #16
    Super Moderator Cer0's Avatar
    Join Date
    Apr 2008
    Location
    MN/WI
    Posts
    13,984
    Thanks
    388
    Thanked 1,138 Times in 888 Posts

    This pertains to the iPhone's WiFi access. So yes, it is all iPhones.

  18. #17
    Mes
    Livin the iPhone Life
    Join Date
    May 2008
    Posts
    8,025
    Thanks
    102
    Thanked 788 Times in 731 Posts

    Originally Posted by jadi929:
    Is it the same if the iPhone's unlocked?
    Locked/unlocked/normal/jb'en. All iPhones are affected.

  19. #18
    MMi's "X" Member awesomeSlayer's Avatar
    Join Date
    May 2008
    Location
    Dragonspiral Tower in 3DS
    Posts
    4,524
    Thanks
    114
    Thanked 347 Times in 259 Posts

    Apple...are you that serious?
    Asking for help is different from being stupid. Fanboys can rot in @#$%!

  20. #19
    Green Apple
    Join Date
    Jan 2010
    Posts
    68
    Thanks
    14
    Thanked 7 Times in 4 Posts

    well it wasn't a big deal for the past 3 yrs. I bet only a few people were aware of this vulnerability

    now that it's out in the open though...yikes. you can bet easily 1/2 of all iPhone users will never hear of this problem. and a bunch of 'tards will utilize the exploit to screw people over.


    hopefully Apple closes this loophole quickly


    edit: note to self, stay out of Starbucks

  21. #20
    Green Apple ModJoe's Avatar
    Join Date
    Apr 2008
    Posts
    36
    Thanks
    4
    Thanked 1 Time in 1 Post
    Luckily, I am just using WPK or WPA2 networks.
    Don't connect to free ones, like Starbucks, McDonald's or somewhere else.
