Security researchers have uncovered a weakness in some iPhones that could be used to automatically connect to rogue Wi-Fi networks to collect passwords and other sensitive data.
The weakness is in the profile.mobileconfig file installed by AT&T, Vodafone and more than a dozen other carriers that instruct the devices to automatically connect to a Wi-Fi network called attwifi when the signal becomes available.
Attackers can take advantage of this by giving their rogue network the same name to automatically initiate an attack against nearby iPhones, even ones that have never connected to any Wi-Fi network before. Once connected, the attacker can run exploit software that bypasses the secure sockets layer Web encryption.
Once the exploit software is installed, the attacker can perform a man-in-the-middle attack to intercept passwords and forge links and other content on the websites the user visits.
The researchers tested their hypothesis in a restaurant in Tel Aviv, Israel and 60 people connected to their Wi-Fi network in the first minute and 448 connected during a two-and-a-half-hour period.
The best way to prevent iPhones from connecting to networks without the user’s knowledge is to disable Wi-Fi on the device when it isn’t needed. There are also apps available that can control which SSIDs the iPhone will and won’t connect to.
Interested in learning more? See the Skycure Security blog post here.
