5 Comments

Summary:

The next time you finish using that free AT&T hotspot that stands as one of the few highlights of being an iPhone users on that network of questionable dependability, you might want to make sure your phone forgets that particular Wi-Fi connection.

attwifisecurity_thumb

The next time you finish using that free AT&T hotspot that stands as one of the few highlights of being an iPhone users on that network of questionable dependability, you might want to make sure your phone forgets that particular Wi-Fi connection. If not, you could be at risk from security threats.

That’s according to independent security researcher Samy Kamkar, who conducted his own very basic test to determine that using the AT&T Wi-Fi hotspots available at places like Starbucks in the U.S. could potentially pose a risk to iPhone owners. The test involved trying to fake an AT&T network in order to prompt an iPhone to join a network that was potentially unsafe.

Surprisingly, the network name alone was enough to convince an iPhone that it was joining a trusted network. Kamkar merely renamed his own unsecured Wi-Fi network “attwifi.” The exploit is unique to the AT&T hotspots because generally, the iPhone looks for a MAC address and a name in order to verify that a user has been previously connected. In the case of free AT&T hotspots, however, the phone ignores the MAC address and depends solely on the name.

During the test, Kamkar’s own iPhone connected without prompting to the network, but more tellingly, at least two other iPhone or iPod touches also connected, apparently belonging to passers by or other nearby residents. By way of these unsolicited connections, Kamkar said he could do any number of things, from redirecting connected users, to stealing their login credentials.

To prove it’s possible to hijack someone’s phone using this method, Kamkar wrote a program that displays messages when a user attempts to use the Google Maps app. He’ll be releasing the program for all via his Twitter account today.

Considering that the iPhone is only officially available on AT&T in the U.S., and that most of those subscribers have probably at one time or another made use of free Wi-Fi hotspots from that provider, the security risk posed by the exploit could potentially be quite large. Especially now that the iPad, Cupertino’s rising star, is also a potential target. Apple doesn’t seem to be in a hurry to change anything about the arrangement, according to a spokewoman for the company:

iPhone performs properly as a Wi-Fi device to automatically join known networks. Customers can also choose to select to ‘Forget This Network’ after using a hot spot so the iPhone doesn’t join another network of the same name automatically.

Using the ‘Forget This Network’ function or just turning off your wireless altogether are currently the only ways to prevent your iPhone from automatically joining any network called “attwifi” if you’re concerned about the safety of your data.

You’re subscribed! If you like, you can update your settings

  1. Definitely don’t do any banking or manage your stock portfolio at a Starbuck’s!

  2. It’s much much worse then that! There are known hacker devices nicknamed “pineapples” that are a portable WiFi router. ALL WiFi devices broadcast their trusted list of WiFi networks. The pineapple simply tells them “Here I am” and they all connect. You don’t need to name the WiFi network, each devices tells the pineapple.

    The users connect to the pineapple without any warning whatsoever and most people think they just connected to a hotspot or the airport wireless, etc. At this point the hacker and do all sorts of evil things… Run MetaSploit against the target to break into your computer, sniff all packets, hack your email, see your IM messages, etc.

    http://revision3.com/hak5/pineapples?fs

    http://revision3.com/hak5/airportchallenge?fs

  3. People should always be aware that even if you are using an encrypted channel, your ISP can play “man in the middle” attacks against your communications. There are ways to secure such communications, however, none of the encrypted services that are available to casual users use them.

  4. Okay that’s helpful Thanks Darrell.

  5. Here is a script to accomplish the same thing as the pineapple (and more):
    http://pastebin.com/Bsk36wBk

    All you need is a laptop, wifi card that supports monitor mode and a copy of BackTrack 4. The idea is to never do anything on an unsecure wifi connection that you don’t want the whole world to know!

Comments have been disabled for this post