iPhone 3.0 Wi-Fi feature opens new security hole
A new feature found in iPhone OS 3.0 has also created a new security liability, according to a security group member. The exposure stems from the OS automatically opening Safari when the device connects to a network. Remote-exploit.org co-founder Max Moser explains that when the iPhone joins a network, it tries to run a DNS query for apple.com and open a simple HTML document stored on Apple’s website. If these two things happen without incident, the iPhone functions as normal, but in circumstances in which the DNS query is successful but it can’t retrieve the HTML file, it assumes there is a “captive portal”—a hotspot with a login/pay-to-use screen—and automatically opens Safari. When combined with the penetration testing software karmetasploit, this vulnerability could potentially be used to capture iPhone cookies, account information, and possibly more, depending on what other vulnerabilities are found. While this would require a malicious Wi-Fi network to be set up, which might also pose a threat to other devices, the iPhone’s new automatic connect sequence leaves it more vulnerable than most. [via InformationWeek]
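The join-time decision described above, modelled as an added Python sketch (not Apple's code and not from the article). The probe path, expected body, function names and sample networks are constructed, and treating a substituted page as a failed retrieval is an assumption.

```python
from enum import Enum

# Placeholder for the "simple HTML document"; not the real file's content.
EXPECTED_BODY = "probe-ok"

class JoinState(Enum):
    OFFLINE = "offline"
    ONLINE = "online"
    CAPTIVE_PORTAL = "captive_portal"

def classify_join(resolve, fetch, host="apple.com", path="/probe.html"):
    """Classify a freshly joined network from the two probes in the article.

    resolve(host) returns an address or raises OSError.
    fetch(ip, host, path) returns the body or raises OSError.
    """
    try:
        ip = resolve(host)
    except OSError:
        return JoinState.OFFLINE            # DNS failed: no portal assumed
    try:
        body = fetch(ip, host, path)
    except OSError:
        return JoinState.CAPTIVE_PORTAL     # DNS ok, document unreachable
    if body.strip() != EXPECTED_BODY:
        return JoinState.CAPTIVE_PORTAL     # assumption: substituted page counts too
    return JoinState.ONLINE

def auto_opens_browser(state):
    # The behaviour the article flags: the browser launches with no user action.
    return state is JoinState.CAPTIVE_PORTAL

def make_network(dns_answer, body):
    """Build a constructed network: None means that probe fails."""
    def resolve(host):
        if dns_answer is None:
            raise OSError("no DNS answer")
        return dns_answer
    def fetch(ip, host, path):
        if body is None:
            raise OSError("connection failed")
        return body
    return resolve, fetch

SAMPLE_NETWORKS = {  # constructed inputs (192.0.2.0/24 is documentation space)
    "home": make_network("192.0.2.10", EXPECTED_BODY),
    "hotspot_login": make_network("192.0.2.1", "<html>login</html>"),
    "dns_only": make_network("192.0.2.1", None),
    "dead": make_network(None, None),
}

def survey(networks=SAMPLE_NETWORKS):
    return {name: classify_join(*net) for name, net in networks.items()}
```

Both inputs to the decision are answered by whoever operates the network, so the operator alone determines whether the browser launches; nothing the user does on the device enters into it.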
Comments
1
English! Does anyone speak English? What does that mean?
Posted by Mark on July 8, 2009 at 6:05 PM (PDT)
2
@Mark: The new OS has a feature where it will automatically try to log in for you when you connect to a wifi hotspot that has a web login page.
For example, when I connect to my country’s free national wifi, I have to log in via a webpage before I can actually access the internet. The OS will detect this, and automatically open Safari to log in for you (if it knows your credentials) or present you with the login page (if it doesn’t know your credentials).
So theoretically, I could set up a free wifi hotspot on my laptop sitting at Starbucks, give it a misleading SSID (“FREE WIFI ZONE”) and put in a captive portal “login” page that is loaded with remote exploits.
It’s a bit of a stretch, and personally I find the autologin feature happily convenient.
Posted by ketsugi on July 8, 2009 at 8:16 PM (PDT)
3
Ah, my Touch has started popping up a login screen for The Cloud since I upgraded to OS v3, I wondered how it worked.
To number 2, it’s actually worse than that. Rather than ‘Free WiFi Zone’, you set the rogue AP up with the same SSID as one of the national networks.
In the UK, you’d set your evil twin up with The Cloud’s SSID. All UK iPhones already know about The Cloud because they are O2’s WiFi partner, so every iPhone passing will automatically try and connect.
Put the rogue AP in the car-park of a McDonalds (all UK McDs have Cloud-provided free WiFi) and no-one will think twice if their iPhone connects to The Cloud.
Alan.
Posted by Alan Edwards on July 9, 2009 at 7:47 AM (PDT)