The whole Starbucks thing seems to be getting me on a role in the wifi security arena. The recent deluge of free wifi security articles reminded me of an article Brian Krebbs wrote a while back called “Wi-Fi Street Smarts, iPhone Edition” about hotspot security. One of the pieces of advice was to remove known networks from your iPhone. Here are the instructions he posted.
“To force your iPhone to forget a wireless network after you’re done using it, click “Settings,” “Wi-Fi Networks,” select the wireless network’s name, and then ‘Forget this Network.’“
The problem back then was that there was no way to “Forget this Network” unless you were currently in the same location where you initially connected to the access point. I was hoping the iOS 4 would have fixed this problem but unfortunately it doesn’t. I know on Macs and Windows PCs you can get a list of previously connected networks through their advanced network properties options. From this list you can delete the networks completely and/or just deselect the ones that you don’t want to automatically connect to. Up to this point, the iPhone doesn’t seem to support a similar option.
The Googles have not turned up anything yet for me as well. The only solution seems to be to rename a spare access point to the SSID of the network you want to forget, connect to it with the iPhone, and choose the option to forget the network. This kludge seems like a lot of work and something that an average user probably doesn’t know how or want to do. Apple usability anyone?
Controlling the wifi networks you automatically connect to is very important. If you don’t clean up this list periodically, you are more at risk of becoming the victim of evil-twin or Karmetasploit-type attacks. Additionally, it seems that wifi device makers and the OSs that connect to them (including the iPhone) need to go a step further. For example, there needs to be some type of secured handshake between the “linksys” you normally connect to and the rouge “linksys” down the street. Maybe some sort of certificate or fingerprint acceptance process similar to how you trust SSH server signatures would be an option.
How are you getting the iPhone to “forget” networks? What type of handshake do you recommend between different devices with the same SSID? Let us know in the comments below.
Well thanks for listening to this little rant. See ya!
No related posts.
This might be where geolocation data might become useful. “only connect to this SSID at +-100m from these coordinates”
@Ben H Good point… That’s one alternative.