Wednesday, 12 June 2013

Your iPhone will Auto-Connect to Data Thieves

We have harped about a thousand times on the dangers of open Wi-Fi networks. Seriously, people, it’s just a bad idea. And now, security researchers say they’ve found a flaw in iPhones that can force users to connect to these networks without them even knowing it.


The flaw is in the configuration settings that are set up by carriers like Vodafone and AT&T.

Imagine you had to manually reconnect each day to your home, work, or favorite coffee shop networks? That would be cumbersome. Operating systems have a great feature, allowing automatic connection to networks they previously connected to. However, this feature has security consequences: attackers can simply guess (e.g., “Apple Store”, “Boingo Hotspot”) or retrieve the SSID of previously used networks, and cause victims’ devices to automatically connect to their rogue network, without the victims’ approval. Once the victims are connected to the rogue network, the attackers can utilize common MiTM (man in the middle) tools…to attack their victims. [Skycure Security]

To test their hypothesis, the researchers took their setup to a popular restaurant in Tel Aviv, Israel, and set up a fake Wi-Fi network. 60 people connected within the first minute. Holy smokes! But wait, it gets even better. Even the most security-conscious mobile users fell victim. In another test, the folks at Skycure set up a similar fake network at a cybersecurity conference. In just two and a half hours, 448 cybersecurity professionals auto-connected to their network.

Fortunately, the people at Skycure aren’t hackers and never launched attacks on any of the connected iPhones, but the kind of software needed for man-in-the-middle attacks in this kind of situation is cheap, readily available, and dead-simple to use.

The only real workaround for iPhone users is to turn off Wi-Fi when you’re not using it, which we highly recommend.
