Monday, February 20, 2017

WARNING!! iPhone and WIFI wireless

 Your iPhone may connect to WiFi and leak information without your knowledge.

 Recently I was sniffing WiFi at our house. I noted some airline WiFi names. Recall WiFi is just radio. Though we are close to a landing path I did not think WiFi would have the range to be picked up by my radio sniffer. A WiFi sniffer will listen on WiFi radio frequencies and display the name and traffic it sees. Investigating further I found other WiFi names. Hotels, cafes, and others. Those were not in range
 When you associate with a WiFi service at a point other than your house the iPhone places that WiFi name in a Preferred Network List (PNL). When you get within range of a WiFi name on the PNL and you are not associated with another WiFi name, the iPhone or other device may associate with the WiFi name you have used in the past. Convenient. Risky!!
 Why risky?
 With a WiFi sniffer (easily obtained and used) anyone can see the WiFi names in the PNL list as the iPhone keeps beaconing the WiFi names in its PNL to associate with. If one is found it will connect and you get WiFi service. If anyone can see these beacons, they can name their rouge WiFi access point to a name in your iPhone's PNL and your iPhone or other device will associate. Usually without your knowledge or permission.
 This requires your WiFi device to not be associated with another WiFi service.
 Think of attending a computer club meeting at the ballroom. You are not in range of your home, Anyone has setup a WiFi access point with a name in a device's PNL, the device associates, you get service. The person in control of the rogue WiFi access point can and will see all traffic while this association is active.
 Most devices allow you to remove a WiFi service name even if it not in range. It is good security practice to keep the PNL to only the WiFi names you use regularly. With the iPhone you can not see the PNL with names not in range. Thus these names are 'hidden' and thus a potential for risk.

 Until Apple addresses this problem:
 Make it a practice to remove a temporary service when you leave a hotel or other place you have used that WiFi service.
 Use Settings -> General > Reset-> Reset Network Settings.
NOTE: You will have to (re)add your WiFi and other network settings!!

No comments:

Post a Comment