Alfonso
Level 2 (364 points)
Apple TV

Q: Wifi vulnerability in iPhone 6

OK guys, I am sort of spooked.

i Was using my iPhone at the mall, when I noticed it had unawares connected to a WiFi network.

when i tapped on the wifi name to select "forget network" the only available option was "join network"

 

even more mysterious was the fact that a few seconds later my iPad connected to the same network

((must have been via keychain). The IP address was 10.0.0.117

 

when I turned off wifi, and turned it on again, the iPhone appeared to connect to my School wifi network

((various kilometers away.).

 

IN the past I have complained that even in BT only mode, my iPhone is visible to others as a hot spot.

combine that with the near field technology built into the iPhone, do we have a potential vulnerability,

so that the iPhone will connect to an Open Network without me realizing it And from there my other devices

becime vulnerable, as the info travels via keychain?

 

regards

MacBook Pro, OS X Yosemite (10.10.2), iPhone6, iPad3

Posted on Mar 20, 2015 8:16 AM

Close
Alfonso

Q: Wifi vulnerability in iPhone 6

  • All replies
  • Helpful answers

  • by chattphotos,

    chattphotos chattphotos Mar 20, 2015 8:32 AM in response to Alfonso
    Level 4 (2,447 points)
    Desktops
    Mar 20, 2015 8:32 AM in response to Alfonso

    First, you need to understand how wifi networks work.

    Wifi has a working range of about 40 feet for a line of sight connection.

     

    I don't see much of a vulnerability, the iOS is a very secure operating system, its working as designed. Please include screenshots of the issues you are having.

     

    The keychain/iCloud data is encrypted from the device to the server and back. Keychain doesn't sync locally, its always to iCloud and then to other devices.

     

    Bluetooth only mode, the device will be visible for 300 seconds and then it will become invisible to other devices. The profiles listed on the discovered device may show things like audio, hotspot, etc. - iOS: Supported Bluetooth profiles - Apple Support

     

    I will note that there was some sort of display bug in iOS 8 that would show recently connected networks in the network list. (the phone was not actually connected to a network that was 1km away)

     

    I don't know if it's still a working feature, but previous versions of the iOS would auto-connect to a list of open wifi networks (usually coffee shops) Turn wifi off and ask to join nearby networks it won't auto-connect anymore.

  • by Ralph9430,

    Ralph9430 Ralph9430 Mar 20, 2015 8:35 AM in response to Alfonso
    Level 6 (18,243 points)
    Apple Watch
    Mar 20, 2015 8:35 AM in response to Alfonso

    Make sure Ask to Join Networks is turned on in the Settings app. Your iPhone will then not join any unknown or new Wi-Fi network unless you tap on OK for that network.

    Settings > Wi-Fi > Ask to Join Networks > Turn On

     

    I suggest that you never join a Wi-Fi network unless you know which one it is. There are ways unscrupulous folks can collect info when you join and use their Wi-Fi network.

  • by Alfonso,

    Alfonso Alfonso Mar 20, 2015 8:42 AM in response to chattphotos
    Level 2 (364 points)
    Apple TV
    Mar 20, 2015 8:42 AM in response to chattphotos

    TThanks for the quick reply.

    I have become so concerned that I decided to "reset the network."

    After that the problem seems to have stopped On both my devices.

    What I still don't understand is how both my iPad and iPhone6 appeared to connect to my School network.

     

    JUst to be safe, I will have to erase both my devices, now.

     

    regards

  • by Alfonso,

    Alfonso Alfonso Mar 20, 2015 11:40 AM in response to Alfonso
    Level 2 (364 points)
    Apple TV
    Mar 20, 2015 11:40 AM in response to Alfonso

    Ok Guys,

    I took a little time to re-organize my thoughts...

    This is what I have:

     

    I was at the mall.

    No Known networks to which my iPad3 and my iPhone6 connected to before.

    Wifi and BT were ON on both devices.

    iPad3 was tethered to iPhone6 (BT or Wifi, I can't recall)

    Suddenly iPhone shows no longer LTE connection but a WiFi connection to a network called "ruth", an open network.

    There was no way to disconnect from "ruth". because the WiFi panel only says "Join Network", i.e. NO "Forget Network"

    I turn OFF WiFi and BT on iPhone. Turn on WiFi only. This time I appear to connect to my School WiFi (which is miles away).

     

    Then my iPad shows it is connected to WiFi "ruth" as well with an iP Address of 10.0.0.117 (This is a router IP address isn't it? I mean,

    usually cell phones have a different IP number, right?)

    It is at this point that I panic, and reset the network on both devices.

    After restart, ruth and my School are no longer broadcasting..., and my phone is solidly on LTE.

    Disable Wifi on both devices. Tether iPad via BT only. Write the first post of this thread.

    Before getting home, I erase iPhone and iPad.

    Got home,

    I disconnect WiFi router, start up my Mac, and turn off iCloud keychain.

    I reconnect Wifi router and reset iCloud keychain. A message informs me that all passwords in iCloud will be deleted. Press OK.


    I hope I am not missing any other steps.

     

    Did someone find a way to trick my iPhone and iPad into connecting, me unawares?

    As I mentioned earlier, when my Hotspot is active, everybody can see that an iPhone 6 is in range.

    Even my students at school can see it on their PCs as a personal hotspot and so far I haven't figured out

    a way to keep the iPhone hidden while tethering.

    Does this create a potential vulnerability? Is this what happened here or was it just a huge glitch?

     

    Regards

  • by deggie,

    deggie deggie Mar 20, 2015 1:16 PM in response to Alfonso
    Level 9 (54,806 points)
    iPhone
    Mar 20, 2015 1:16 PM in response to Alfonso

    No, they did not trick you otherwise it would not have asked you to join the network. You weren't there yet.

    Yes, when your hotspot is active everyone can see it. You are using a secure password for joining your hotspot, right?

    This is not  potential vulnerability. "ruth" may have been a Mac computer.

  • by Alfonso,

    Alfonso Alfonso Mar 20, 2015 3:53 PM in response to deggie
    Level 2 (364 points)
    Apple TV
    Mar 20, 2015 3:53 PM in response to deggie

    If 'ruth' is a Mac computer, the question remains, how did my iPhone and iPad connect to it?

    Moreover, why did my iPhone appear to connect to my school WiFi (not in range)?

     

    I am only glad I was not doing any online banking at the time...

    Regards

  • by deggie,

    deggie deggie Mar 20, 2015 4:39 PM in response to Alfonso
    Level 9 (54,806 points)
    iPhone
    Mar 20, 2015 4:39 PM in response to Alfonso

    They didn't actually join with them, that is why it was asking you if you wanted to join. I would guess that ruth had a password requirement.