Your iPhone is not good at keeping secrets when it comes to the Wi-Fi roads it has traveled. Security professional Mark Wuergler (@MarkWuergler) recently found iPhone behavior that is cause for concern. He discovered that the iPhone broadcasts the MAC addresses of the last three wireless access points it connected to. In fact, further investigation revealed that any Apple device with Wi-Fi capabilities broadcasts this information. BlackBerry and Android devices were also tested but were found not to exhibit this behavior.
It is suspected that Apple purposely designed its devices to behave this way in order to speed up the Wi-Fi connection process when they are within range of an access point they frequently use. However, it also opens the door for anyone who may have targeted a device's owner. This information can be obtained easily by monitoring over-the-air traffic when in close proximity, such as in a coffee shop. Mr. Wuergler has developed an application, appropriately called "Stalker", that collects this information, as well as passwords, pictures, email, and any other data that is sent over an unencrypted access point. The access point's location can be determined by searching for its MAC address in geo databases, such as Google Maps, Wigle.net, or Skyhook. With a little bit of investigation, someone sorting through this data could determine the owner's place of employment, where they live, or places they frequent, especially if the SSID for the access point offers a clue.
It is not known at this time if Apple plans to address the issue with an operating system update. For those who are concerned about this vulnerability, Mr. Wuergler suggests you delete your wireless profiles periodically, turn off the Wi-Fi service when not in use, and be mindful of the amount of personal data you store on your device. Also, making sure you connect to web sites using HTTPS or employing a VPN will help keep your data protected.
Wow, this sounds horrible in terms of security! iPhones are cool, but this would be an issue with which I would have a problem if I owned one. I dunno if Apple will fix it or not, since it seems like it was designed that way... Or maybe Apple will make apps to give users privacy.
Well isn't this lovely. I already keep my passwords only in BB Password Keeper, don't use public WiFi and only use banking apps in BB. This reinforces what we already know about security in other platforms.
But as we keep hearing, consumers don't care about security.