iPhone Vulnerable To Hotspot Hijacking
An iPhone running the 3.0 software issues a DNS request for Apple’s Web site and a request for a specific Web page. If its queries prove successful, it assumes network connectivity is okay. If it receives no response, it assumes there’s no network available.
But if it receives a response from a site other than Apple’s, it assumes the user is trying to access the network through a portal that requires authentication, as is often found at hotels or public Wi-Fi hotspots. To help users complete the authentication process, the iPhone software automatically opens Apple’s Safari browser.
That behavior, however, offers an opportunity for exploitation, as first noted by security researcher Lothar Gramelspacher.
Using penetration testing software called karmetasploit and the appropriate network hardware, an attacker can set up his or her own Wi-Fi hotspot. When an iPhone user tries to join this malicious Wi-Fi network, the attacker can capture iPhone cookies, account information, and perhaps more, depending on whether other vulnerabilities in Safari or other iPhone software can be exploited.
Read the rest of the InformationWeek article here.
Associate Director, Marketing - Digital Strategy @ Bell. Digital Strategist. Speaker. Marketing Leadership. Management. Bus Dev. Startups. Challenge. Innovate.Earned, not bought.
