I had just done a CLEAN restore of iOS5 and had gone out to eat. I was sitting there eating and noticed my WiFi indicator was on. I thought that was strange and I looked and I was logged into an AT&T WiFi hot spot at the Starbucks across the street. I don't like the fact that they are choosing to log us into a WiFi network automatically with asking.
Auto-Login At Starbucks Without Asking????
- Thread starter rstark18
- Start date
MustangLife
Well-known member
I'll have to find a AT&T hotspot and give it a try and see what happens. I am assuming you have ask to join networks on am I right. And also you have been to that Starbucks before and used there wifi right. When I went from 4.3.5 to 5.0 info was saved. Wifi and passwords, ringer volumes, etc.
Timhewitt
Well-known member
No.
It was a CLEAN restore not a re store from backup. No setting were saved at all.
I have auto join OFF. This is one of the first settings I change after a restore.
AT&T has allowed us to use their wifi hot spots for some time. BUT the iPhone has NEVER logged you on to those network automatically. NEVER.
It was a CLEAN restore not a re store from backup. No setting were saved at all.
I have auto join OFF. This is one of the first settings I change after a restore.
AT&T has allowed us to use their wifi hot spots for some time. BUT the iPhone has NEVER logged you on to those network automatically. NEVER.
Timhewitt
Well-known member
Massie
Well-known member
Had you joined any other AT&T hotspots between the restore and going out to Starbucks? There's an interesting article here about auto-joining AT&T networks and the security risks involved. (Note that the article is from last year; one hopes the security hole has been plugged since then.) From the article:
Typically, an iPhone will look for a specific MAC address--the unique identifier for the router--to verify that the wireless network is a device a user agreed to join previously, according to Kamkar. However, if the iPhone has previously connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually every Starbucks in the U.S., for example) the device will ignore what the MAC address says and simply connect to the network if it has "AT&T Wifi" attached, he said.
"The iPhone joins the network by name with no other form of authentication," he said [emphasis mine].
Kamkar said he made this discovery recently when he was at a Starbucks and disconnected from the AT&T Wi-Fi network.
"I went into the settings to disconnect and the prompt was different from normal," he said. "I went home and had my computer pretend to be an AT&T hot spot just by the name and my iPhone continued to connect to it. I saw one or two other iPhones hop onto the network, too, going through my laptop computer. I could redirect them, steal credentials as they go to Web sites," among other stealth moves, if he had wanted to.
Typically, an iPhone will look for a specific MAC address--the unique identifier for the router--to verify that the wireless network is a device a user agreed to join previously, according to Kamkar. However, if the iPhone has previously connected to any one of the numerous free AT&T Wi-Fi hot spots (offered at virtually every Starbucks in the U.S., for example) the device will ignore what the MAC address says and simply connect to the network if it has "AT&T Wifi" attached, he said.
"The iPhone joins the network by name with no other form of authentication," he said [emphasis mine].
Kamkar said he made this discovery recently when he was at a Starbucks and disconnected from the AT&T Wi-Fi network.
"I went into the settings to disconnect and the prompt was different from normal," he said. "I went home and had my computer pretend to be an AT&T hot spot just by the name and my iPhone continued to connect to it. I saw one or two other iPhones hop onto the network, too, going through my laptop computer. I could redirect them, steal credentials as they go to Web sites," among other stealth moves, if he had wanted to.
This is because you at some point proactively joined that network at some point and it is remembering that choice. What I'm saying is I have NEVER asked to join ANY AT&T wifi hot spot as I don't like to use public wifi.
No and I am ABSOLUTELY positive I didn't join it previously. Even if I had a clean restore would have wiped it and I had done that the night before.
Thanks for that link as I did already know that but many people do not. That is one of the reasons I don't use public wifi and have auto join off. 3G is good enough when I'm out and I'm very security minded (Security Now podcast!).
Last edited:
Massie
Well-known member
But I believe it's a different thing because it's a carrier network, not like most wifi networks--in other words, it might be tied to your device on a deeper level than an iOS restore would change. (Maybe via your SIM, or your IMEI, etc.) So it may be that if you had EVER joined an AT&T network, your device will then auto-connect every time until you tell it to forget the network, regardless of whether or not you restored your OS.
I know what your saying because obviously a Verz customer wouldn't auto join an att hotspot. Regardless it's a huge security flaw and has never acted this way in prior iOS's I sit at the same table for breakfast a few times a week next to that starbucks and it has never auto joined, I am 100000% positive. I tweeted my go to security guy (Steve Gibson) and hopefully he'll look into it and confirm what going on. He most likely doesn't have the GM loaded but I'm sure he'll load the release.
Massie
Well-known member
Yeah, keep us updated. In the meantime, see if you recall ever joining a different AT&T wifi network--not at that Starbucks, but maybe in a store, or somewhere when you were on the go, etc...that could explain it, especially if it was recently (which would explain why you hadn't seen that behavior at Starbucks before).
OR maybe it is just a foul-up with the GM...
OR maybe it is just a foul-up with the GM...
I have autojoined in the past (well over a year ago). But a CLEAN restore (no backup) should wipe this info as it always has in the past. I'll be checking this Friday with a 4s that has never (and never will) join a public hotspot.
Timhewitt
Well-known member
I'm telling you, it's a feature for AT&T customers and has nothing to do with attaching to remembered networks.
Correct. That's what I think also. But this is a big security flaw as my neighbor can name their network the same name and I'll auto join. Not a good Feature
Farmdreads
Well-known member
I get annoyed when that log in screen pops up when I'm trying to surf. Just give me the wifi already!!
Similar threads
Trending Posts
-
-
The iMore 20K / 50K Post Challenge - Are you up for it?- Started by Jaguarr40
- Replies: 31K
-
-
-
Facebook
Twitter
Instagram