Security researchers say they’ve uncovered a weakness in iPhones that force users to connect to Wi-Fi networks that can then steal passwords or other sensitive information.
AT&T iPhones instruct the devices to automatically connect to a Wi-Fi network called attwifi when the signal becomes available, a service designed to speed up browsing. But attackers can set up their own rogue Wi-Fi networks with the same name and collect sensitive data as it passes through. AT&T are not the only company that are doing this, so don’t be smug if you have another carrier.
Researchers tested their hypothesis by setting up several Wi-Fi networks in public areas that used the same SSIDs as official carrier networks. During a presentation on Wednesday at the International Cyber Security Conference, the Skycure researchers set up a network that 448 people connected to during a two-and-a-half-hour period.
The most effective way to prevent iPhones from connecting to networks without the user’s knowledge is to turn off Wi-Fi whenever it’s not needed. Apps are also available that give users control over what SSIDs an iPhone will and won’t connect to.