Featured Articles

Apple announces its Apple Watch

Apple announces its Apple Watch

Apple has finally unveiled its eagerly awaited smartwatch and surprisingly it has dropped the "i" from the brand, calling it simply…

More...
Skylake 14nm announced

Skylake 14nm announced

Kirk B. Skaugen, Senior Vice President General Manager, PC Client Group has showcased Skylake, Intel’s second generation 14nm architecture.

More...
Apple officially announces 4.7-inch iPhone 6 and 5.5-inch iPhone 6 Plus

Apple officially announces 4.7-inch iPhone 6 and 5.5-inch iPhone 6 Plus

The day has finally come and it appears that most rumors were actually spot on as Apple has now officially unveiled…

More...
CEO: Intel on target for 40m tablets

CEO: Intel on target for 40m tablets

Intel CEO Brian Krzanich just kicked off the IDF 2014 keynote and it started with a phone avatar, some Katy Perry…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 14 June 2013 10:48

iPhones should not go on Wi-Fi

Written by Nick Farrell

Jobs’ Mob security strikes again

Apple is so lacklustre on its security and networking that it makes plugging in the iPhone jolly risky. Security firm SkyCure has found feature in iPhone devices running on certain networks, including Vodafone, that would connect automatically to a Wi-Fi network with a specified SSID, such as ‘BTWiFi’.

While this sounds like a wonderful feature, it means that a crook can get you to connect to any station you like and listen to your calls or gain access do your Coldplay collection. You might think that this sort of security threat would be one of those bugs that people find and then fix, the security industry has known all about it for years. Indeed on other most other phones it is fixed. But the way in which iOS devices are hooking up to certain Wi-Fi networks automatically is a real concern.

The case highlights another weakness in the way Apple protects traffic managed by its Safari browser. At the moment the rest of the world is moving towards the HTTPS protocol through a mechanism called HTTP STS, Apple is not. HTTP STS was released in 2012 and already Chrome and Android supports it.

Of course Apple could be sensible. It could, for example, roll out HTTP STS. It could also recommend the use of an app such as those offered by Shield and Onavo, which isolate devices from malicious networks. Needless to say it probably will not. So far Vodafone based IPhones can be seen as safer. Vodafone uses an embedded configuration to control things within the iPhone. These are ‘1WiFiVodafone1x’ and ‘Auto-BTWiFi’ are locked to ‘EAP-SIM’ authentication which is a bi-directional authentication protocol.

blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments