As a follow-up to our post last week, I came across some great discussion of the topic on the DailyDave list late last week. Basically, Christos Kalkanis started the thread defending Mark’s work against the comments from the Ars article. Specifically, he covered the SSID broadcast and MAC address disclosure vulnerabilities. The author of the original Ars article, Robert Graham, chimes in to add his input as well, with a lot of the focus on the confusion around how Apple’s iPhone wifi cards work.
Finally, Mark follows up with a detailed explanation debunking several myths people have about how the iPhone wifi capability works. Specifically, he addresses the following “myths”:
- Apple products don’t probe for known SSIDs.
- Apple products are immune to KARMA-like attacks.
- Apple keeps an internal list of MAC addresses of APs which I’ve connected to, therefore I’m safe from all this stuff you are talking about.
- The ARP disclosure you revealed at INFILTRATE doesn’t affect me or my enterprise.
- (something about SSID probing) and (something about ARP disclosures)
Each is explained in detail and he closes with steps for debunking these myths yourself.
I’d recommend checking out the full thread here for all the details if last week’s post caught your attention.
Planning on running your own tests? If you do and can confirm the results, please let us know in the comments below. Today’s post pic is from Prezi.com. See ya!