iPhone Apparently Open To Old Wi-Fi Attack

judgecorp writes "Security researchers say that iPhone and other Apple devices are vulnerable to an old attack, using a fake Wi-Fi access point. Attackers can use an SSID which matches one that is stored on the iPhone (say "BTWiF"), which the iPhone will connect to automatically. Other devices are protected thanks to the use of HTTPS, which enforces HTTPS, but iPhones are susceptible to this man in the middle attack, researchers say."

Editors didn't read the summary?

[Imagix]

the use of HTTPS, which enforces HTTPS

What does that even mean?

Re:HTTPS enforces HTTPS?

[telchine]

Other devices are protected thanks to the use of HTTPS, which enforces HTTPS

HTTPS enforces HTTPS? Whew. That's a relief. Does SFTP enforce SFTP and SSH enforce SSH too? Just checking to make sure I'm secured.

I assume they mean HTTPS STS

Comment removed

[account_deleted]

Comment removed based on user account deletion

Misleading Summary

[rogueippacket]

Just to be clear here, protocols like HTTPS only secure data from the Application Layer - this man in the middle attack takes place at a much lower layer (Data Link/Network), meaning any device which automatically connects to familiar SSID's is susceptible. HTTPS will not save you from rogue AP's.
This is largely a convenience feature implemented by Apple, but it doesn't matter which device you're using - if you aren't encrypting your traffic, you are vulnerable to eavesdropping. Period.

So the summary completely sucks

[Stewie241]

The article talks about a few different things which are only somewhat related. The wifi vulnerability is the fact that an Apple device will automatically connect to a wifi network that has the same SSID as a network it has previously connected to. I suspect this is the same for Android devices, but I am too lazy to test atm.

The issue that relates to https is related to something called HTTP STS. (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security). HTTP STS is supposed to be a way by which servers can communicate to browsers that requests to a particular site should always be sent over https. The issue that is being raised is that Chrome supports HTTP STS and hence Android devices do as well, but Safari does not. I guess what this would get you is that if you connect over https to a site over a trusted network, then further requests to that domain are forced to be made over https with a certain validity of certificate.

Re:Editors didn't read the summary?

[Lord Byron II]

That and "BTWiF" which makes no sense. It's supposed to be "BTWifi" which is BT's public WiFi network.

Re:HTTPS

[DigitAl56K]

I think the problem is that the iPhone will connect to an unsecure network automatically without alerting the user while the user believes they are on a different, secure network.

That can only happen if the Ask to Join Networks setting is off.

No, that's the whole point of TFA, which basically points out iOS devices have carrier pre-defined WiFi settings built it, and will connect to such networks automatically, such that placing an access point near a target that masquerades as one of these pre-defined access points is likely to cause such devices to connect automatically.

The original article is here, and includes notes that on some occasions, not only the baked-in SSIDs are visible, but also the passwords in plaintext:
http://blog.skycure.com/2013/06/wifigate.html [skycure.com]