Featured Articles

Intel releases tiny 3G cell modem

Intel releases tiny 3G cell modem

Intel has released a 3G cellular modem with an integrated power amplifier that fits into a 300 mm2 footprint, claiming it…

More...
Braswell 14nm Atom slips to Q2 15

Braswell 14nm Atom slips to Q2 15

It's not all rosy in the house of Intel. It seems that upcoming Atom out-of-order cores might be giving this semiconductor…

More...
TSMC 16nm wafers coming in Q1 2015

TSMC 16nm wafers coming in Q1 2015

TSMC will start producing 16nm wafers in the first quarter of 2015. Sometime in the second quarter production should ramp up…

More...
Skylake-S LGA is 35W to 95W TDP part

Skylake-S LGA is 35W to 95W TDP part

Skylake-S is the ‘tock’ of the Haswell architecture and despite being delayed from the original plan, this desktop part is scheduled…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Friday, 14 June 2013 10:48

iPhones should not go on Wi-Fi

Written by Nick Farrell

Jobs’ Mob security strikes again

Apple is so lacklustre on its security and networking that it makes plugging in the iPhone jolly risky. Security firm SkyCure has found feature in iPhone devices running on certain networks, including Vodafone, that would connect automatically to a Wi-Fi network with a specified SSID, such as ‘BTWiFi’.

While this sounds like a wonderful feature, it means that a crook can get you to connect to any station you like and listen to your calls or gain access do your Coldplay collection. You might think that this sort of security threat would be one of those bugs that people find and then fix, the security industry has known all about it for years. Indeed on other most other phones it is fixed. But the way in which iOS devices are hooking up to certain Wi-Fi networks automatically is a real concern.

The case highlights another weakness in the way Apple protects traffic managed by its Safari browser. At the moment the rest of the world is moving towards the HTTPS protocol through a mechanism called HTTP STS, Apple is not. HTTP STS was released in 2012 and already Chrome and Android supports it.

Of course Apple could be sensible. It could, for example, roll out HTTP STS. It could also recommend the use of an app such as those offered by Shield and Onavo, which isolate devices from malicious networks. Needless to say it probably will not. So far Vodafone based IPhones can be seen as safer. Vodafone uses an embedded configuration to control things within the iPhone. These are ‘1WiFiVodafone1x’ and ‘Auto-BTWiFi’ are locked to ‘EAP-SIM’ authentication which is a bi-directional authentication protocol.

blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments