[Dailydave] iPhone Security

Dave Aitel dave.aitel at gmail.com
Mon Jan 11 13:12:22 EST 2016


You're not missing anything: The difference is one simple thing. If you set
up your email account on an iPhone with anything OTHER than "Other" you
don't even get the prompt. If you use "Other" then you get a prompt which
everyone seems to click, and they get owned.

-dave


On Mon, Jan 11, 2016 at 1:00 PM Bojan Zdrnja (SANS ISC) <bojan.isc at gmail.com>
wrote:

>
>
> On 1/5/2016 5:31 PM, Dave Aitel wrote:
> >
> http://immunityproducts.blogspot.com/2016/01/the-danger-of-other-on-iphone.html
>
> Quoted from the article:
>
> "So what happens then is you, the user of the iPhone, will connect to
> AT&T wifi, and when you check your mail a little popup message will
> appear. It will offer you the option to "Continue". If you click that
> very natural button, SILICA will steal your password."
>
> So how is this different from any other WiFi AP impersonation (apart
> from the users not understanding what they are doing and clicking
> accept/continue)?
>
> Or am I missing something here ...?
>
> Cheers,
>
> Bojan
>
> --
> Bojan Ždrnja
> CISSP, GCIA, GCIH, GWAPT
> Senior Information Security Consultant
>
> gsm:   +385 99 463 4466
> e-mail: bojan.zdrnja at infigo.hr
>
> INFIGO IS d.o.o.
> Karlovačka cesta 24a, 10020 Zagreb
> Croatia
> tel:  +385 1 4662 700
> fax: +385 1 4662 701
> web: http://www.infigo.hr