Smartphones Risk Attacks On Unprotected Wi-Fi Networks

You might want to be careful with what you do on your iPhone over an unprotected Wi-Fi hot spot. A recent report from mobile security research firm SMobile Systems says iPhones and other smartphones connected to unencrypted Wi-Fi hotspots are easy targets for hackers with certain tools that are currently available to them. Their study used a laptop with software tools that intercepted communications between smartphones connecting to a Wi-Fi access point, and then to bypass SSL. The information was then used to access several email accounts, but could also be used for things like bank accounts.

The test was performed using the Nokia N95, HTC Tilt running Windows Mobile, HTC G1 running Android, and the iPhone 3GS with the latest firmware, and was equally effective on all of them. The user had no way of knowing that their information was being compromised by a third party.

Some tools that can be used for this purpose:

  • Arpspoof: redirects packets from the target host on a LAN to the host they designate on the same LAN using forged Address Resolution Protocol replies
  • SSLStrip: hijacks HTTP traffic
  • Ettercap: sniffs, intercepts and logs packets
  • Wireshark: network protocol analyzer used to sniff packets

[via Macworld]

View the comments on the forum…