Featured Articles

Analysts expect ARM to do well next year

Analysts expect ARM to do well next year

British chip designer ARM could cash in on the mobile industry's rush to transition to 64-bit operating systems and hardware.

More...
Huawei and Xiaomi outpace Lenovo, LG in smartphone market

Huawei and Xiaomi outpace Lenovo, LG in smartphone market

Samsung has lost smartphone market share, ending the quarter on a low note and Xiaomi appears to be the big winner.

More...
Intel Broadwell 15W coming to CES

Intel Broadwell 15W coming to CES

It looks like Intel will be showing off its 14nm processors, codenames Broadwell, in a couple of weeks at CES 2015.

More...
Gainward GTX 980 Phantom reviewed

Gainward GTX 980 Phantom reviewed

Today we’ll be taking a closer look at the recently introduced Gainward GTX 980 4GB with the company’s trademark Phantom cooler.

More...
Zotac ZBOX Sphere OI520 barebones vs Sphere Plus review

Zotac ZBOX Sphere OI520 barebones vs Sphere Plus review

Zotac has been in the nettop and mini-PC space for more than four years now and it has managed to carve…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 14 June 2013 10:48

iPhones should not go on Wi-Fi

Written by Nick Farrell

Jobs’ Mob security strikes again

Apple is so lacklustre on its security and networking that it makes plugging in the iPhone jolly risky. Security firm SkyCure has found feature in iPhone devices running on certain networks, including Vodafone, that would connect automatically to a Wi-Fi network with a specified SSID, such as ‘BTWiFi’.

While this sounds like a wonderful feature, it means that a crook can get you to connect to any station you like and listen to your calls or gain access do your Coldplay collection. You might think that this sort of security threat would be one of those bugs that people find and then fix, the security industry has known all about it for years. Indeed on other most other phones it is fixed. But the way in which iOS devices are hooking up to certain Wi-Fi networks automatically is a real concern.

The case highlights another weakness in the way Apple protects traffic managed by its Safari browser. At the moment the rest of the world is moving towards the HTTPS protocol through a mechanism called HTTP STS, Apple is not. HTTP STS was released in 2012 and already Chrome and Android supports it.

Of course Apple could be sensible. It could, for example, roll out HTTP STS. It could also recommend the use of an app such as those offered by Shield and Onavo, which isolate devices from malicious networks. Needless to say it probably will not. So far Vodafone based IPhones can be seen as safer. Vodafone uses an embedded configuration to control things within the iPhone. These are ‘1WiFiVodafone1x’ and ‘Auto-BTWiFi’ are locked to ‘EAP-SIM’ authentication which is a bi-directional authentication protocol.

blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments