Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

attwifi security

Someone had recently pointed out a security flaw whereby someone can call their router attwifi and your phone will automatically connect to it if you have it as a known network. All of the sudden I'm seeing attwifi signals in NY in places I havent seen before and nowhere near a starbucks. Has anyone else noticed this?

Mac pro dual quad early 2008 and macbook core 2 1.833, Mac OS X (10.5.7)

Posted on Apr 30, 2010 9:40 AM

Reply
20 replies

Apr 30, 2010 10:07 AM in response to scott M

Your iPhone will try to connect to any known networks, and I do believe it uses the name as what recognizes the network or not.

So I guess if people were to call their personal networks the same as a AT&T wifi network then yes your iPhone will try to connect. I wouldn't be concerned about the security on the iPhone though as there is nothing that they can do with your iPhone.

If your iPhone is jailbroken (or hacked) then I would be mildly concerned as there could be some loop holes opened up in your iPhone.

May 2, 2010 7:49 PM in response to Dr_AL

My phones not jailbroken but my knowledge of wireless security is also not that broad.
If your phone did connect through a devious wifi router that was designed to intercept information, like credit card numbers if a purchase is made or email passwords, or any other sensitive information, is it possible for the person in control of that router to get that info?

May 2, 2010 8:12 PM in response to scott M

There is always the possibility, but if your iPhone is suddenly connected to a wi-fi network in an area or place where your iPhone has never been connected to a wi-fi network, I doubt you would suddenly make a credit card purchase or login to your bank.

I avoid making any type of financial transaction when connected to a public wi-fi hotspot. There is more involved with connecting to a wireless network than the name of the network.

May 3, 2010 7:41 AM in response to Allan Sampson

Well I think its a legit security risk that should be addressed by Apple and ATT then.
I'm in NYC. It's so dense here that its quite hard to be aware of where a legit wifi spot may be and where there shouldn't be one. If you choose to connect to "attwifi" once, in a starbucks lets say, it becomes a known network. Without actively managing it, your phone will automatically reconnect every time it sees one of these networks and I can see people not realizing it before transmitting sensitive info. NYC is also a great place for a crook to set something like that up and cast a wide net to get many users that will connect to their router.
For me, being aware of it, I will now just never let my phone connect to attwifi but that puts me in a position where I cant take advantage of some of the service I'm paying for.
It seems to me like this should be addressed in some way.

May 3, 2010 7:47 AM in response to scott M

If you connect to a site that uses SSL (the URL will begin "HTTPS" rather than "HTTP") information you enter is protected by strong encryption even over an unsecure network. The bank apps on the iPhone also use SSL, so these should be safe to use.

You should not enter sensitive information over ANY WiFi network (even Starbuck's) if the site you are accessing is not SSL protected. Not even over your home network unless your router is set to use strong encryption (WPA2).

May 3, 2010 8:57 AM in response to scott M

Was your iPhone connected to an AT&T wireless network in the past?

If so, do you have personal/direct experience with your iPhone automatically connecting (with automatically being a key word) to a bogus AT&T wireless network based on the name of the network alone where you know for certain there is not a legit AT&T wireless network?

If your iPhone was connected to an AT&T wireless network in the past and you started seeing additional wireless networks with the name of "attwifi", your iPhone would have automatically connected to such a wireless network based on the name alone.

I'm in NYC. It's so dense here that its quite hard to be aware of where a legit wifi spot may be and where there shouldn't be one.


Baloney. You don't know when you are in or near a Starbucks or a McDonalds, or in or near any other business establishments where AT&T has a hotspot with AT&T providing a list of those establishments?

May 3, 2010 9:19 AM in response to scott M

For me, being aware of it, I will now just never let my phone connect to attwifi but that puts me in a position where I cant take advantage of some of the service I'm paying for.


After connecting to an AT&T wireless network - at an establishment where you know AT&T has a hotspot, you can select "Forget this Network" on your iPhone for the network before leaving or disconnecting from the network.

Since computers re-connect to a known and previously connected to wireless network automatically when returning within range of the network, this likely applies to computers also.

May 3, 2010 10:28 AM in response to Lawrence Finch

And I wonder how many Windows users are aware of that and make use of it? Mac users aren't except from this, but based on a very large percentage of Windows users here that don't maintain a backup for any data on their computer and don't have contact info available on their computer - they depend on their cell phone alone for their contact info, I venture to say very, very few.

May 3, 2010 11:05 AM in response to Lawrence Finch

"You should not enter sensitive information over ANY WiFi network (even Starbuck's) if the site you are accessing is not SSL protected. Not even over your home network unless your router is set to use strong encryption (WPA2)."

What about things like email passwords? Can someone with a nefarious router intercept that info? Since emails are checked regularly without prompting on the iphone, that could happen without a user realizing it.

May 3, 2010 11:17 AM in response to Allan Sampson

Baloney? Please.

Who's to say someone cant name a network attwifi right across the street from (or even in the same building as) a legitimate hotspot and get even the iphone users who are paying attention to connect. Also, I don't know about you but I don't spend a whole lot of time making sure I know exactly where ATT is rolling out wifi to try to ease the congestion on their 3g network.

I'm aware I can forget networks and do other things to stop automatically connecting but it becomes less seamless and more work than the iphone experience, in my opinion, is designed to be. If someone has to spend the time to go to ATT's website and study exactly where the spots are supposed to be (and still not be guaranteed they are from ATT) forget it, its not worth it.

My phone has automatically connected to att networks. I'm not aware of connecting to a bogus att network but I dont want to find out afterwards that it has and that it caused any private info to be jeopardized. Duh, thats the reason for the question.

attwifi security

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.