Domain: skycure.com
Stories and comments across the archive that link to skycure.com.
Comments · 10
-
Re:Wait, what? Even in offline mode?
They use the word "force", but as the attack was originally described, what they're actually talking about doing is spoofing a network that your device already recognizes. More or less, if an attacker knows your home WiFi SSD or can make a lucky guess about what other SSIDs your device might already recognize (e.g. ones that your device was programmed to know out of the box), they can name their malicious network in such a way to possibly get you to automatically connect to it as a recognized network.
There's nothing particularly novel about that attack, and contrary to their verbiage, it doesn't force anyone to join a network, nor can it even easily be used in conjunction with this attack for the vast majority of users. Is it a potential problem? Absolutely, but only for a small subset of users. The way they're phrasing it and talking about it, it seems pretty clear that they're trying to boost their own profile a bit. For most cases, the two attacks can't be used together unless the malicious agent is stalking their victim.
-
Re:even when in offline mode
I was curious as well, so I read through their presentation slides and their press release.
The gist of the attack is that they've crafted a malicious SSL cert that can cause strange behavior in apps and the OS itself, including the possibility of initiating a crash-reboot-get malicious SSL cert-crash cycle. Once you get stuck in that cycle, there's no way to turn off WiFi, hence why they said that offline mode would not remedy the issue. That said, offline mode can indeed keep you from getting stuck in that cycle to begin with, and the researchers even recommended it as one of the ways to avoid the problem entirely. Alternatively, if it's already too late for you and you're in the crash loop, simply leaving the area will fix the issue for you, since you'll be able to pull down valid SSL certs and reboot as normal.
Which is to say, the summary has it wrong, since the attack cannot cause you to enter the crash loop while you're in offline mode, but you won't be able to enter offline mode once you're in the crash loop, so offline mode cannot save you at that point. Only leaving the area will work.
-
Re:Wait, what? Even in offline mode?
It's not that a phone that's offline is still vulnerable to wifi; it's that once this attack (which is carefully designed to get this result) hits you can't get enough control to go offline. The summary's got an inaccurate paraphrase, but TFA's phrasing isn't immediately clear. The researcher's blog has a better description.
-
Re: Where's the outrage?!
You utterly fucking fail at understanding security. [...] The only known threats on iOS devices have come to jailbroken phones and the jailbreaks themselves.
It ain't just a river in Egypt.
And that's not even considering threats that come from Apple itself, without any need to install apps or change settings. Something magical happens and things just work.
So what you've got is malware requiring physical access to the device, a dodgy app that slipped through the accreditation process but was subsequently pulled and a theoretical vulnerability that Apple have patched.
If you thing that compares to the privacy sham or security shambles that is Android then you really must be a Google or Samsung shill. (It was obvious from the links you included in your post.)
-
Re: Where's the outrage?!
Know how many people get viruses or malware on their iPhone (without jailbreaking)
... 0.Looks like you don't know enough people. It has been done, without jailbreaking, and we only know because the developers publicized that fact themselves.. If you want to keep the same answer, perhaps you could rephrase the question as "How many times that Apple admit that they served up viruses or malware in their App Store?"
So you think its better to run extra software, waste more ram, cpu and storage space
... so that you don't get something that iOS users just aren't going to get in the first place?But what if I don't _want_ a misplaced sense of security based on faulty assumptions?
You utterly fucking fail at understanding security. [...] The only known threats on iOS devices have come to jailbroken phones and the jailbreaks themselves.
It ain't just a river in Egypt.
And that's not even considering threats that come from Apple itself, without any need to install apps or change settings. Something magical happens and things just work.
Until then [I] just make it obvious [I'm] nothing more than a fanboy.
No argument here.
-
Re:So the summary completely sucks
The article talks about a few different things which are only somewhat related. The wifi vulnerability is the fact that an Apple device will automatically connect to a wifi network that has the same SSID as a network it has previously connected to.
Sort of. The vulnerability is that carriers are pre-configuring access points that devices will automatically connect to - not necessarily personal access points (e.g. at home) that you've previously used - and by configuring a malicious access point to look like the carrier's pre-defined one, you can cause the device to connect to the malicious access point:
TFS and TFA are both shit, look here instead (linked from TFA):
http://blog.skycure.com/2013/06/wifigate.html -
Re:HTTPS
I think the problem is that the iPhone will connect to an unsecure network automatically without alerting the user while the user believes they are on a different, secure network.
That can only happen if the Ask to Join Networks setting is off.
No, that's the whole point of TFA, which basically points out iOS devices have carrier pre-defined WiFi settings built it, and will connect to such networks automatically, such that placing an access point near a target that masquerades as one of these pre-defined access points is likely to cause such devices to connect automatically.
The original article is here, and includes notes that on some occasions, not only the baked-in SSIDs are visible, but also the passwords in plaintext:
http://blog.skycure.com/2013/06/wifigate.html -
Read the original blog post, not the TechWeek arti
Read the original blog post instead: http://blog.skycure.com/2013/06/wifigate.html Summary: phones come pre-loaded with wifi SSNs, which you can spoof and get random iPhones to connect to you. Reach-arounds ensue.
-
Re:Are you sure?
Didn't the iOS LinkeIn App get caught doing similar over a month ago? http://blog.skycure.com/2012/06/linkedout-linkedin-privacy-issue.html
IOW it's no different than the Android LinkeIn app.
-
Re:Are you sure?
Didn't the iOS LinkeIn App get caught doing similar over a month ago? http://blog.skycure.com/2012/06/linkedout-linkedin-privacy-issue.html