iOS Wifi-Security Question - Will iPhone attempt to connect to an AP insecurely?

crellion

macrumors regular
Original poster
Oct 22, 2009
100
1
Say I had an AP with WPA2-encryption set on my iOS device. Some other guy decides to setup a rogue AP with the same SSID as my own AP - but with encryption completely off.

Will my iPhone get confused by this - or will it connect to only my WPA2-encrypted one with the correct Wifi password?
 

iShorty

macrumors regular
Jun 23, 2010
110
18
Nottingham, UK
Say I had an AP with WPA2-encryption set on my iOS device. Some other guy decides to setup a rogue AP with the same SSID as my own AP - but with encryption completely off.

Will my iPhone get confused by this - or will it connect to only my WPA2-encrypted one with the correct Wifi password?
I'm almost certain that it verifies other information like the Routers MAC Address etc, I wouldn't worry.
 

Intell

macrumors P6
Jan 24, 2010
18,872
368
Inside
From what I recall, it will connect to the insecure one of it is the exact same SSID and no encryption. Apple may have changed this with a recent iOS version, but at one time it would do exactly that.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
47,420
15,974
From what I recall, it will connect to the insecure one of it is the exact same SSID and no encryption. Apple may have changed this with a recent iOS version, but at one time it would do exactly that.
If that's how connections are handled these days, or even were ever handled, that is just beyond wrong.
 

crellion

macrumors regular
Original poster
Oct 22, 2009
100
1
If that's how connections are handled these days, or even were ever handled, that is just beyond wrong.
Don't have my AP with me right now - but is there anyone willing to do a quick test with their iOS device on this theory with their own AP?
 

Intell

macrumors P6
Jan 24, 2010
18,872
368
Inside
If that's how connections are handled these days, or even were ever handled, that is just beyond wrong.
There was an article about how some security researchers did testing on that. I forget where I read it, but it was fascinating. Many systems do connect to a similarly named SSID that has no encryption.
 

I7guy

macrumors Core
Nov 30, 2013
20,380
8,209
Gotta be in it to win it
So I did a quick test. I added an SSID to my home router with the same SSID as the corporate wifi network. I set the option for "no security".

I then forgot all wifi networks and waited to see what would happen. With "ask to join known networks" set to "yes" my iphone did not connect to any network.

However, when selected, the iphone happily connected to rogue SSID. I'll see if the phone automatically connects tomorrow morning to the corporate network.
 

gordon1234

macrumors 6502a
Jun 23, 2010
571
162
I'm pretty sure it will happily connect to any network with the same SSID. For instance, there are a ton of networks around here called either "attwifi" or "xfinitywifi." If I connect my phone to any of them once, it will automatically connect to all the others in the future. It's quite annoying, actually.

Sadly, I think this is sort of the standard for most devices with WiFi right now.
 

Lennyvalentin

macrumors 65816
Apr 25, 2011
1,429
739
However, when selected, the iphone happily connected to rogue SSID.
Of course it connects to a "rogue" SSID when you tell it to... That's what you told it to do! ;) Next time you test this, don't forget your known networks first, just turn off encryption. You also might want to change the MAC of the router, to see if iOS verifies this first before connecting.