1. rstark18's Avatar
    I had just done a CLEAN restore of iOS5 and had gone out to eat. I was sitting there eating and noticed my WiFi indicator was on. I thought that was strange and I looked and I was logged into an AT&T WiFi hot spot at the Starbucks across the street. I don't like the fact that they are choosing to log us into a WiFi network automatically with asking.
    10-08-2011 03:19 AM
  2. MustangLife's Avatar
    I'll have to find a AT&T hotspot and give it a try and see what happens. I am assuming you have ask to join networks on am I right. And also you have been to that Starbucks before and used there wifi right. When I went from 4.3.5 to 5.0 info was saved. Wifi and passwords, ringer volumes, etc.
    10-08-2011 06:18 AM
  3. Timhewitt's Avatar
    This has been a feature for AT&T customers since iOS 3...
    10-08-2011 07:04 AM
  4. rstark18's Avatar
    No.
    It was a CLEAN restore not a re store from backup. No setting were saved at all.
    I have auto join OFF. This is one of the first settings I change after a restore.
    AT&T has allowed us to use their wifi hot spots for some time. BUT the iPhone has NEVER logged you on to those network automatically. NEVER.
    10-08-2011 10:57 AM
  5. Timhewitt's Avatar
    Mine has done this all along.
    10-08-2011 11:09 AM
  6. Massie's Avatar
    Had you joined any other AT&T hotspots between the restore and going out to Starbucks? There's an interesting article here about auto-joining AT&T networks and the security risks involved. (Note that the article is from last year; one hopes the security hole has been plugged since then.) From the article:

    Typically, an iPhone will look for a specific MAC address--the unique identifier for the router--to verify that the wireless network is a device a user agreed to join previously, according to Kamkar. However, if the iPhone has previously connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually every Starbucks in the U.S., for example) the device will ignore what the MAC address says and simply connect to the network if it has "AT&T Wifi" attached, he said.

    "The iPhone joins the network by name with no other form of authentication," he said [emphasis mine].
    Kamkar said he made this discovery recently when he was at a Starbucks and disconnected from the AT&T Wi-Fi network.

    "I went into the settings to disconnect and the prompt was different from normal," he said. "I went home and had my computer pretend to be an AT&T hot spot just by the name and my iPhone continued to connect to it. I saw one or two other iPhones hop onto the network, too, going through my laptop computer. I could redirect them, steal credentials as they go to Web sites," among other stealth moves, if he had wanted to.
    10-08-2011 11:13 AM
  7. rstark18's Avatar
    Mine has done this all along.
    This is because you at some point proactively joined that network at some point and it is remembering that choice. What I'm saying is I have NEVER asked to join ANY AT&T wifi hot spot as I don't like to use public wifi.
    10-08-2011 11:14 AM
  8. rstark18's Avatar
    Had you joined any other AT&T hotspots between the restore and going out to Starbucks? There's an interesting article here about auto-joining AT&T networks and the security risks involved. (Note that the article is from last year; one hopes the security hole has been plugged since then.) From the article:

    Typically, an iPhone will look for a specific MAC address--the unique identifier for the router--to verify that the wireless network is a device a user agreed to join previously, according to Kamkar. However, if the iPhone has previously connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually every Starbucks in the U.S., for example) the device will ignore what the MAC address says and simply connect to the network if it has "AT&T Wifi" attached, he said.

    "The iPhone joins the network by name with no other form of authentication," he said [emphasis mine].
    Kamkar said he made this discovery recently when he was at a Starbucks and disconnected from the AT&T Wi-Fi network.

    "I went into the settings to disconnect and the prompt was different from normal," he said. "I went home and had my computer pretend to be an AT&T hot spot just by the name and my iPhone continued to connect to it. I saw one or two other iPhones hop onto the network, too, going through my laptop computer. I could redirect them, steal credentials as they go to Web sites," among other stealth moves, if he had wanted to.
    No and I am ABSOLUTELY positive I didn't join it previously. Even if I had a clean restore would have wiped it and I had done that the night before.
    Thanks for that link as I did already know that but many people do not. That is one of the reasons I don't use public wifi and have auto join off. 3G is good enough when I'm out and I'm very security minded (Security Now podcast!).
    Last edited by rstark18; 10-08-2011 at 11:21 AM.
    10-08-2011 11:18 AM
  9. Massie's Avatar
    But I believe it's a different thing because it's a carrier network, not like most wifi networks--in other words, it might be tied to your device on a deeper level than an iOS restore would change. (Maybe via your SIM, or your IMEI, etc.) So it may be that if you had EVER joined an AT&T network, your device will then auto-connect every time until you tell it to forget the network, regardless of whether or not you restored your OS.
    10-08-2011 11:23 AM
  10. rstark18's Avatar
    But I believe it's a different thing because it's a carrier network, not like most wifi networks--in other words, it might be tied to your device on a deeper level than an iOS restore would change. (Maybe via your SIM, or your IMEI, etc.) So it may be that if you had EVER joined an AT&T network, your device will then auto-connect every time until you tell it to forget the network, regardless of whether or not you restored your OS.
    I know what your saying because obviously a Verz customer wouldn't auto join an att hotspot. Regardless it's a huge security flaw and has never acted this way in prior iOS's I sit at the same table for breakfast a few times a week next to that starbucks and it has never auto joined, I am 100000% positive. I tweeted my go to security guy (Steve Gibson) and hopefully he'll look into it and confirm what going on. He most likely doesn't have the GM loaded but I'm sure he'll load the release.
    10-08-2011 11:45 AM
  11. Massie's Avatar
    Yeah, keep us updated. In the meantime, see if you recall ever joining a different AT&T wifi network--not at that Starbucks, but maybe in a store, or somewhere when you were on the go, etc...that could explain it, especially if it was recently (which would explain why you hadn't seen that behavior at Starbucks before).

    OR maybe it is just a foul-up with the GM...
    10-08-2011 11:51 AM
  12. rstark18's Avatar
    I have autojoined in the past (well over a year ago). But a CLEAN restore (no backup) should wipe this info as it always has in the past. I'll be checking this Friday with a 4s that has never (and never will) join a public hotspot.
    10-08-2011 11:58 AM
  13. Timhewitt's Avatar
    I'm telling you, it's a feature for AT&T customers and has nothing to do with attaching to remembered networks.
    10-08-2011 12:02 PM
  14. rstark18's Avatar
    I'm telling you, it's a feature for AT&T customers and has nothing to do with attaching to remembered networks.
    Correct. That's what I think also. But this is a big security flaw as my neighbor can name their network the same name and I'll auto join. Not a good Feature
    10-08-2011 12:38 PM
  15. Farmdreads's Avatar
    I get annoyed when that log in screen pops up when I'm trying to surf. Just give me the wifi already!!
    10-08-2011 06:59 PM
LINK TO POST COPIED TO CLIPBOARD