iPhones will join any old hotspot so long as it claims to be an attwifi hotspot, says a researcher who discovered the security hole this week. This security hole can lead unsuspecting iPhone users to give up all sorts of personal information to anyone who knows how to change the name of their wireless access point.
While ordinarily an iPhone will first confirm that a given router (access point) is one that the user has previously intentionally joined, apparently if the router is renamed to “attwifi” all bets are off, and the iPhone will join it with no further checks or authentication required.
“The iPhone joins the network by name with no other form of authentication,” says Samy Kamkar, who made the discovery.
Kamkar explains that he discovered the issue after connecting to an AT&T wifi access point at a Starbucks, and then going to disconnect before he left. “I went into the settings to disconnect and the prompt was different from normal,” says Kamkar.
“I went home and had my computer pretend to be an AT&T hot spot just by the name and my iPhone continued to connect to it. I saw one or two other iPhones hop onto the network, too, going through my laptop computer. I could redirect them, steal credentials as they go to Web sites,” he added.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
An Apple spokesperson said that “iPhone performs properly as a Wi-Fi device to automatically join known networks. Customers can also choose to select to ‘Forget This Network’ after using a hot spot so the iPhone doesn’t join another network of the same name automatically.”
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
