[N9Swipe]

AT&T unlocked and the AT&T debranded Privs have a nasty WiFi networking bug.

The bug is most likely to impact people when traveling, particularly in cities. Additionally, if WiFi Calling is enabled, I am worried the bug may cause 911 emergency calling to fail. I have not tried calling 911 to test this.

Despite BlackBerry's excellent debranding update that removed the AT&T proprietary applications, there is an embedded saved WiFi network, "attwifi" that seems to have been inadvertently left in the OS. Trying to remove the network from the saved networks list results in an error that the carrier's network cannot be removed, despite the Priv actively running on another carrier's network. Because you are not using an AT&T sim card, the Priv connects to the network, but AT&T understandably blocks the data transfer over their WiFi network. You get a useless WiFi connection that also breaks the cellular data connection.

Thus, when traveling and passing by an AT&T network, in a taxi for example, the active cellular data connection will be interrupted, breaking any active user sessions. This is incredibly frustrating, particularly if you are commonly within an "attwifi" coverage area for an extended period of time. Further, I am concerned that if a 911 call is needed and the attwifi network has hijacked the device, the outgoing call will fail. This is scary and I hope I am wrong, because people's lives could be at risk if this is true.

Anybody in a position to escalate this bug, and have the attwifi network disable itself when not using an AT&T sim card - PLEASE ESCALATE!

[Bla1ze]

You can report the bug yourself - How to collect logs from a BlackBerry smartphone powered by Android escalation will come automatically if enough people report it. If it's really problematic as you say, chances are it's a known issue anyway and maybe your report will be the one to push it over the edge, so to speak.

[N9Swipe]

Hi. Unfortunately the log reporting facility is for picking up things like crashing apps, not something like this. Surely you are not suggesting to go poking through the debug settings following a failed 911 call?

Here is how to see if you are impacted:
1. Go into Settings
2. Tap Wi-Fi
3. Tap the 3 dots in the upper right corner
4. Tap Saved networks
5. Tap attwifi
6. Tap FORGET
7. See if you get an error or not, but then either way, continue:
8. Tap the back arrow
9. Tap Saved networks again
10. See if the attwifi network returned

You can see how this was simply overlooked by the developers, given that there are no "attwifi" networks in Canada.

If anyone can help to escalate, please help!

[ihearlivepplz]

AT&T debranded priv in India, No attwifi under saved wifi networks.

[tickerguy]

This is a fairly-serious issue even with an AT&T SIM in the phone. ANY SSID named "attwifi" will be silently connected to and you can't stop it! If it has connectivity then you will use it, period. The potential for chicanery and ripping you off is intense.

I actually had an "attwifi" SSID published on my WiFi router that intentionally black-holed everything (was routed to a VLAN that didn't exist on my switch), with a set password (that was a bunch of random trash) in order to FORCE the phone to ignore it when I was home.

I'm no longer on AT&T but this problem is very real and someone with less than honorable intent who sets up such a "hotspot" can really screw anyone who's an AT&T customer. The only real defense against it would be to run a full-time VPN connection (e.g. StrongSwan) and leave it nailed up all the time.

I suspect a factory reset will get rid of your "rogue" network definition if you don't have an AT&T SIM in the phone once the debranding happens. However, if you stick an AT&T SIM back in the phone it will come back...

It will (probably) not block a 911 call since WiFi calling will not enable until and unless the IPSEC connection comes up, and it won't.

[N9Swipe]

tickerguy, WOW - that is horrifying!

Interesting feedback that he's not seeing it in India, which makes me wonder if it's a regional (USA) flag that flips it on for the AT&T devices... but your umm confidence (wink?) that you think it may go away after a reset is interesting. Every time I reset my device an angel loses its wings, so I'm not going to put myself through that hell yet again unless it's 100% confirmed.

So what your saying is, someone could walk into a crowded area, say a busy intersection, a big store, a subway platform wired with cellular service, whatever, turn on a hotspot set to "attwifi" and configured to do evil business, and cause havoc and/or theft from everyone standing around on AT&T?! Holy moley!

I hope BlackBerry, the new mobile security company, is listening!! These cybersecurity issues need to be fixed!!! (But start with just removing the attwifi network from the debranded devices, please)

[tickerguy]

So what your saying is, someone could walk into a crowded area, say a busy intersection, a big store, a subway platform wired with cellular service, whatever, turn on a hotspot set to "attwifi" and configured to do evil business, and cause havoc and/or theft from everyone standing around on AT&T?! Holy moley!

Yep. I CONFIRMED it will attach to an un-passworded "attwifi" SSID by setting one up at the house, and the phone immediately did so. There is ZERO confirmation performed that it really IS an AT&T hotspot (e.g. some sort of certificate exchange, etc.)

This is a horrifyingly bad situation that can be trivially exploited and almost certainly IS being actively exploited, simply due to how easy it is. It's not limited to BlackBerry devices by any means; it's all over the place with AT&T handsets and SIM cards.

Incidentally even IF they verified that it really was an AT&T wifi hotspot it wouldn't matter since they're unencrypted. That in turn means that even for "real" AT&T hotspots you're hosed because ANYONE with a WiFi device and commonly-available software can "sniff" all your traffic, which has no encryption on it whatsoever. It is utterly trivial to steal ANYTHING that passes over such a connection unless it is separately protected (e.g. by VPN, by https, etc) The thief can be anywhere within a couple hundred feet of you outdoors (or 100' or so inside) and you'd never know it happened.

This sort of intentional forcing of connections with exactly zippo for security or verification ought to be treated as criminal trespass upon your property and the firm responsible (in this case AT&T) indicted and their executives tossed in a communal jail cell full of rapists. Forcing an insecure, no-cryptography ssid that you CANNOT DISABLE into the WiFi "learned" list is outrageous bordering on the obscene.

[N9Swipe]

This is blowing my mind. Imagine if some bad actors wanted to act on this in a coordinated way? How is the FCC not all over this?!?

BlackBerry developers lurking here - for the love of Christmas, PLEASE finish the job and get attwifi out of the "debranded" AT&T devices!!! ASAP!!!! THANK YOU AHEAD OF TIME!!!

[tickerguy]

This is blowing my mind. Imagine if some bad actors wanted to act on this in a coordinated way? How is the FCC not all over this?!?

WANTED TO? There is a reasonable degree of certainty that they have been and ARE.

[Wezard]

I'm running a factory unlocked with an AT&T SIM, I don't recall ever trying to use the AT&T wifi, but 2 of them were in my saved settings. I've deleted them, (forget). I'm real curious to see if they come back. Scan for wifi is, and has been off. May be a couple of days before I can say with certainty, yes or no.It's a bit surprising how much control a SIM has over a phone.

[jsm180]

Can't delete attwifi on my factory unlocked priv with att sim, message says "can't forget providers network".

[Wezard]

Odd, I just did it, even rebooted phone to make sure it didn't come back, (it didn't).
Are you by chance within range of an AT&T network?
Settings > wifi > 3 dot > saved networks > forget?
If that doesn't work, pull the SIM and try.
Course thats all kind of academic if it just comes back when you get around a network, make sure scanning is OFF.