Wireless Security
Re: Ghost ESSIDs in iPhone Aug 04 2011 02:43PM
Richard Farina (sidhayn gmail com) (1 replies)
On 08/04/11 09:21, Chris Hammond-Thrasher wrote:
> Richard,
> Are you saying that the only way to remove a preferred ssid from an iOS
> device is to setup an AP with that ssid, connect to it, and then thumb
> "forget network"? This is indeed a serious karma risk.
This is the only method I am aware of. I am more than happy to be
corrected by anyone if I'm wrong, but I've talked to dozens of apple
lovers about this bug and have yet to be corrected.

> -cht
> On Wed, Aug 3, 2011 at 10:19, Richard Farina<sidhayn (at) gmail (dot) com [email concealed]> wrote:
>> On 08/01/11 10:06, Robin Wood wrote:
>>> I've been playing with some wifi stuff and, blame Vivek, I've been
>>> using my iPhone as a victim. At some point I manually added a new
>>> ESSID called fred. Since I did that whenever I turn wifi on on the
>>> phone it probes for fred but I can't find anywhere in the iPhone setup
>>> where I can edit or delete fred, it seems to be a ghost network that
>>> it is doomed to probe for forever but never connect to.
>>> I could set up an AP with this ESSID and maybe then it will appear and
>>> I can delete it but a normal user wouldn't think to do that and could
>>> end up probing for networks they know nothing about or have forgotten
>>> about.
>>> Has anyone else noticed this?
>>> Yeah, I've been abusing it for years because there is no way for you to
>> remove an ssid from your preferred network list unless you are in range of
>> the ssid. idevices are pretty much the only thing still horribly vulnerable
>> to karma attacks.....oh and combine that with the sslstrip attack from
>> nearly a decade ago which they are vulnerable to and.....well.... I hope
>> that your iphone is only a test device and doesn't haver personal info it.
>> -Zero_Chaos
>>> Robin

[ reply ]
Re: Ghost ESSIDs in iPhone Aug 04 2011 02:56PM
Robin Wood (dninja gmail com) (1 replies)
Re: Ghost ESSIDs in iPhone Aug 04 2011 03:35PM
Mel Chandler (mel chandler gmail com)


Privacy Statement
Copyright 2010, SecurityFocus