We have harped about a thousand times on the dangers of open Wi-Fi networks. Seriously, people, it's just a bad idea. And now, security researchers say they've found a flaw in iPhones that can force users to connect to these networks without them even knowing it.
The flaw is in the configuration settings that are set up by carriers like Vodafone and AT&T.
Imagine you had to manually reconnect each day to your home, work, or favorite coffee shop networks? That would be cumbersome. Operating systems have a great feature, allowing automatic connection to networks they previously connected to. However, this feature has security consequences: attackers can simply guess (e.g., “Apple Store”, “Boingo Hotspot”) or retrieve the SSID of previously used networks, and cause victims’ devices to automatically connect to their rogue network, without the victims’ approval. Once the victims are connected to the rogue network, the attackers can utilize common MiTM (man in the middle) tools…to attack their victims. [Skycure Security]
To test their hypothesis, the researchers took their setup to a popular restaurant in Tel Aviv, Israel, and set up a fake Wi-Fi network. 60 people connected within the first minute. Holy smokes! But wait, it gets even better. Even the most security-conscious mobile users fell victim. In another test, the folks at Skycure set up a similar fake network at a cybersecurity conference. In just two and a half hours, 448 cybersecurity professionals auto-connected to their network.
Fortunately, the people at Skycure aren't hackers and never launched attacks on any of the connected iPhones, but the kind of software used for man-in-the-middle attacks in this kind of situation is cheap, readily available, and dead-simple to use.
The only real workaround for iPhone users is to turn off Wi-Fi when you're not using it, which we highly recommend.