Your Mac, iPhone or iPad may have left the Apple store with a serious security risk

Discussion in 'Apple, Inc and Tech Industry' started by SilentPanda, Apr 29, 2013.

  1. SilentPanda Moderator emeritus

    #1
    http://www.troyhunt.com/2013/04/your-mac-iphone-or-ipad-may-have-left.html

    Please note: This isn't a flaw in Apple devices. This would happen with any device treated this way. It's only common in Apple devices when demoed at the store before leaving.

    In short, if you buy a device at an Apple store and they set it up/demo it for you before you leave, they often connect it to their internal wi-fi which has no password. Later, if you're roaming the streets, if you happen upon an access point named "Apple Demo" your iOS device or computer (please don't wander around with a Mac Pro!) will just connect to it since it's connected before even though it was a different point.

    The article gives ways to fix the issue should your device have the issue.
     
  2. maflynn Moderator

    #2
    Excuse my ignorance, but how is this a security risk when people use public wifi all the time?
     
  3. SilentPanda thread starter Moderator emeritus

    #3
    Well, that's a security risk too. People shouldn't do that either. The difference with this one, especially on iOS devices, is that since you can't view stored network connections, I could set up a wi-fi "hacker network" next to a coffee shop called "Apple Demo". Your phone might connect to it while in your pocket even if you've denied it to connect to the coffee shop.

    I could also drive by your house with a laptop and while your Mac is connected to your home's secure wi-fi, I could potentially change the connection to the laptop in my car without you knowing since it's already accepted "Apple Demo" as a trusted wi-fi spot.

    Most security risks are situational and won't cause most of us trouble, but I figured this was worth noting even if it helps one of the users of the site.
     
  4. FreakinEurekan macrumors 68040

    #4
    Apple fixed this issue in iOS 6 and Mountain Lion so that "common name" SSIDs won't auto-join another network of the same name unless the BSSID (the specific access point ID) is the same.

    http://support.apple.com/kb/HT4450
     
  5. SilentPanda thread starter Moderator emeritus

    #5
    That's nice to know! Unfortunately that might help, it might not. I didn't see a list of SSIDs so there's no way I know of to tell what's on the list. I wouldn't say it's fixed, just fixed under certain circumstances.
     
  6. Nermal Moderator

    #6
    Right, it's not fully fixed, especially with a device like the Pineapple which will grab any network name whether it's a common one or something completely random. A list of "bad" names is irrelevant in that case.
     
