Wi-Fi Breaches Found in iPhone, Android Devices

Written By
Michelle Megna
Nov 18, 2009

Public Wi-Fi hotspots spell trouble for smartphone data protection, according to a mobile security firm that successfully hacked several high-end handsets through unprotected wireless networks.

A team of security experts from SMobile Systems recently issued a research paper outlining the steps they took to successfully breach data on four popular smartphones using “man-in-the-middle” (MITM) attacks.

An MITM attack involves a hacker intercepting the communication between two systems, in this instance a smartphone connecting to a Wi-Fi access point, by relaying messages between the two. The traffic is re-routed, with the hacker creating new connections or disabling existing connections to his or her benefit.

The SMobile team breached the secure-socket-layer (SSL) security on the Nokia N95 running S60 OS and Apple iPhone 3GS running on OS 3.1 through an unsecured Wi-Fi network. It did the same for the Windows Mobile-powered HTC Tilt and Android-based T-Mobile G1, though the report did not specify the version of the OSes used.

The research highlights the vulnerability of smartphones connecting to Wi-Fi networks that aren’t secured through a Wi-Fi Protected Access certification, the same vulnerability that has led to widespread exploits against PCs.

News of the hack comes as IT staff are facing growing challenges associated with managing a workforce using a variety of smartphones running different operating systems and as Wi-Fi becomes a must-have, and much-used, feature in smartphones.

With SSL bypassed, the attacker can view data such as login passwords in plain text on the computer being used for the exploit.

Examples of tools used in the attack included Arpspoof and SSLStrip, which were loaded on a laptop to gain access to users’ names and passwords by breaking the smartphones’ SSL encryption, according to the report.

Arpspoof redirects packets from a target host on the LAN to the intended host on the same LAN by forging address resolution protocol replies to the target host, while SSLStrip hijacks HTTP traffic, according to SMobile.

SSLStrip, which was first introduced at the Black Hat security conference earlier this year, has security implications for networked devices using any unsecured connection, Wi-Fi or otherwise.

“Utilizing this method, the attacker has effectively told the victim device to route all traffic through the attacker’s machine [laptop], and the attacker machine then forwards the requests to the Wi-Fi hotspot,” the researchers said in their report.
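On the defensive side, the forged ARP replies described above leave a visible trace: the gateway's IP address suddenly resolves to a different MAC address, and one MAC address starts answering for several IP addresses. The following is an added example, not code from the article or the SMobile report; the function name `detect_arp_spoofing` is hypothetical and the addresses are constructed sample data.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # hotspot gateway
    (2.0, "192.168.1.23", "aa:aa:aa:aa:aa:23"),   # smartphone
    (3.0, "192.168.1.50", "aa:aa:aa:aa:aa:50"),   # another client
    (10.0, "192.168.1.1", "AA:AA:AA:AA:AA:50"),   # client MAC now answers for the gateway
    (10.5, "192.168.1.1", "aa:aa:aa:aa:aa:50"),   # repeated forged reply
    (11.0, "192.168.1.23", "aa:aa:aa:aa:aa:50"),  # and for the smartphone
]


def detect_arp_spoofing(replies):
    """Flag IP-to-MAC bindings that change and MACs that answer for several IPs."""
    first_binding = {}              # ip -> MAC first seen for it (trust on first use)
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    seen_changes = set()
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()           # MAC notation is case-insensitive
        expected = first_binding.setdefault(ip, mac)
        if mac != expected and (ip, mac) not in seen_changes:
            seen_changes.add((ip, mac))  # report each changed binding once
            alerts.append({"kind": "binding_changed", "time": ts, "ip": ip,
                           "expected_mac": expected, "seen_mac": mac})
        ips_by_mac[mac].add(ip)
    # One MAC claiming several IPs is what a relay position looks like on the wire.
    # Routers doing proxy ARP and DHCP lease reuse also trigger this; allow-list them.
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            alerts.append({"kind": "mac_claims_many_ips", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(alert)
```

The first-seen binding is only trustworthy if monitoring starts before any spoofing does; on a managed network, seed it from the known gateway MAC instead.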

The testers targeted the mailbox, Web browser and e-mail applications on the four high-end handsets and were able to get e-mail login credentials for all four smartphones.

The takeaway from the exploit: enterprises need to protect Wi-Fi-enabled smartphones the same way they do corporate laptops, by using client security software such as firewall and antivirus programs.

“It underscores the fact that the use of public Wi-Fi hotspots should be approached with caution and care should be taken that confidential or private data is adequately encrypted, when it becomes necessary to access such data,” the researchers concluded.

Update corrects description of HTC Tilt to indicate that the device uses Windows Mobile.
