The mobile service provider AT&T puts default lists of trusted Wireless networks into its customers’ iOS and Android devices. In this way, users will automatically connect to a variety of Wi-Fi hotspots managed by AT&T. Comcast’s XFININTY is also in the business of disseminating wireless hotspots for its customers. Problematically, once you connect to one of these hotspots, it appears your device may automatically connect to any other hotspots you come across that broadcast the same network name and SSID.
There are obvious benefits to connecting to these hotspots, assuming they’re secure. Therein lies one problem though, you just don’t know how secure they are. They could be incredibly secure or they could be a bit leaky. You just don’t know. Perhaps more importantly, even if AT&T and XFINITY’s Wi-Fi hotspots are secure, you really don’t know if a network is actually controlled by the entity it claims to be controlled by. The increasingly Wi-Fi-enabled ecosystem in which we operate is conducive to attackers who would set up rogue or malicious Wi-Fi hotspots in order to monitor internet communications via man-in-the-middle attacks, pilfer login credentials, infect users with malware, and perform other malicious actions.
According to a report by Sean Gallagher of Ars Technica, mobile phones operating on AT&T’s network are set to connect automatically to any networks titled “attwifi.” Furthermore, as recent reports have pointed out, Comcast’s XFININTY Internet service is in the process of rolling out a feature called “XFINIFTY WiFi.” The service relies on the modems and routers of its users. While part of your router and modem will generate the internet for your home and your private network, another part will act as a public hotspot available to anyone with a Comcast XFINITY username and password.
Gallagher set up his personal laptop as wireless hotspot broadcasting the name “attwifi.” He then removed all the preferred network settings on his mobile device, and turned on his wireless. Almost immediately he was connected to the rogue network he had just created. He then disconnected from the hotspot. Within a matter of seconds, he was automatically connected to an XFININTY network broadcasting the name “xfinintywifi,” which was being transmitted from the modem and router of a neighbor.
As ISPs expand Wi-Fi availability, users are vulnerable to attacks that rely on rogue and malicious hotspots:Tweet
The reason for that, Gallagher explains, is that he had recently accessed another ‘XFINITY WiFi’ wireless network while waiting for an appointment earlier in the week. Each time a user connects, he or she has to re-authenticate with an XFINITY username-password combo. However, if you have already authenticated yourself in the last day, you won’t be prompted again.
There are a couple of problems here. One, AT&T users with default settings or those that have previously connected to a wireless network with the “attwifi” SSID would automatically connect to any network under that name, whether the connection is malicious or legitimately owned by AT&T. Two, a malicious actor could set up a rogue ‘XFINITY WiFi’ wireless network and present users with a spoofed login page whenever anyone tried to connect, thus giving the attacker the ability to steal XFINITY login credentials. This in turn could give the attacker access to XFINITY Web accounts and potentially partial payment and other sensitive information.
In order to prevent these auto-connects from occurring, iOS users should make it so that their device asks for permission before joining a wireless network. Users can activate the “Ask to join other networks” feature by going into their settings and accessing the “Wi-Fi” sub-settings page. Gallagher explains that Android users were only very recently given the ability to disable auto-connect with a carrier updated from AT&T. So, AT&T Android users should make sure they have installed the latest update.