Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS Wifi-Security Question - Will iPhone attempt to connect to an AP insecurely?

C

crellion

macrumors regular
Original poster
Oct 22, 2009
108
1
Say I had an AP with WPA2-encryption set on my iOS device. Some other guy decides to setup a rogue AP with the same SSID as my own AP - but with encryption completely off.

Will my iPhone get confused by this - or will it connect to only my WPA2-encrypted one with the correct Wifi password?
 
crellion said:
Say I had an AP with WPA2-encryption set on my iOS device. Some other guy decides to setup a rogue AP with the same SSID as my own AP - but with encryption completely off.

Will my iPhone get confused by this - or will it connect to only my WPA2-encrypted one with the correct Wifi password?
Click to expand...

I'm almost certain that it verifies other information like the Routers MAC Address etc, I wouldn't worry.
 
From what I recall, it will connect to the insecure one of it is the exact same SSID and no encryption. Apple may have changed this with a recent iOS version, but at one time it would do exactly that.
 
Intell said:
From what I recall, it will connect to the insecure one of it is the exact same SSID and no encryption. Apple may have changed this with a recent iOS version, but at one time it would do exactly that.
Click to expand...

If that's how connections are handled these days, or even were ever handled, that is just beyond wrong.
 
C DM said:
If that's how connections are handled these days, or even were ever handled, that is just beyond wrong.
Click to expand...

Don't have my AP with me right now - but is there anyone willing to do a quick test with their iOS device on this theory with their own AP?
 
C DM said:
If that's how connections are handled these days, or even were ever handled, that is just beyond wrong.
Click to expand...

There was an article about how some security researchers did testing on that. I forget where I read it, but it was fascinating. Many systems do connect to a similarly named SSID that has no encryption.
 
So I did a quick test. I added an SSID to my home router with the same SSID as the corporate wifi network. I set the option for "no security".

I then forgot all wifi networks and waited to see what would happen. With "ask to join known networks" set to "yes" my iphone did not connect to any network.

However, when selected, the iphone happily connected to rogue SSID. I'll see if the phone automatically connects tomorrow morning to the corporate network.
 
I'm pretty sure it will happily connect to any network with the same SSID. For instance, there are a ton of networks around here called either "attwifi" or "xfinitywifi." If I connect my phone to any of them once, it will automatically connect to all the others in the future. It's quite annoying, actually.

Sadly, I think this is sort of the standard for most devices with WiFi right now.
 
I7guy said:
However, when selected, the iphone happily connected to rogue SSID.
Click to expand...
Of course it connects to a "rogue" SSID when you tell it to... That's what you told it to do! ;) Next time you test this, don't forget your known networks first, just turn off encryption. You also might want to change the MAC of the router, to see if iOS verifies this first before connecting.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back