Always keep your wireless off on the iPhone 3G until you need to use it
I came across a very poor security feature of the iPhone 3g this week. Like many of you, unless I actually turn wireless networking off, by default it is on. The caveat is that many of you have set the phone to "warn you before connecting". I thought that this would mean that before my phone connected on to a wireless network, it would ask my permission. In fact that is what happens the first time you connect to a named wireless network. But after you have connected to a particular SSID before, in the future the phone will connect to that network automatically without asking! On top of this networks like ATTWireless seemed to be already pre-approved and the phone does not ask you permission. To be fair, Apple does warn in the fine print that "known networks will be joined automatically". But how hard is it to change an SSID today?
So what does this mean? Lets say you go to a friends house or some other location that is using a default SSID like Linksys. You want to use the network while at that location and give it permission. After that you are at an airport or other public place and your phone picks up a wireless network named linksys. Guess what, your phone just connected and didn't ask you a thing. Lets say some bad guys set up a network to gather your data. They name the network ATTWireless or Linksys or some other common name. If you have wireless on your phone turned on, even if you have the "warn me and ask permission" set, you will still connect to that network without notice to you. I am sorry, but this is just terrible design by Apple! I want to be asked before I connect to any network every time I connect.
Could this be how my log on information was stolen in Vegas? I don't know, I actually had wireless shut down entirely for most of the time in Vegas. But I have been racking my brain to remember if there was a time I turned wireless on for a short time.
In the meantime, I now keep my iPhone's wireless network settings to off at all times. You should too! Of course Apple designed many of the programs to be optimized for high speed connections like wireless network connections, so there might be some trade-offs there.
http://compnetworking.about.com/cs/wirelessproducts/qt/changessid.htm
2. Be careful of the Free Public Wifi SSID. I see it always as an ad hoc network and though I have never tried to connect and I don't know for sure what it is, I know that it is probably not good.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_c.png?x-id=e9e25842-a624-4b39-8806-45d74ce3730b)
Comments