I think I need to elaborate on why I thought this merited posting. While I don’t think this is an issue that will impact our networks, I do think it’s a personal security issue. Think about it. You go into Starbucks and your iPhone/iPad/Macbook broadcasts your home SSID. Someone sitting there grabs that information using FireSheep and cross-references against Google (remember, as part of their StreetView recording, they grabbed WiFi information) or WiGLE.net . Now they know your home address. And they know you’re not there.
-Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Brian Helman Sent: Thursday, March 29, 2012 10:26 AM To: [email protected] Subject: [WIRELESS-LAN] Apple security flaw in wifi implementation I'm not one to resend articles, but I'm going to make an exception here. I was listening to yesterday's episode of Security Now and Steve Gibson mentioned this article. A lot of times, these things are serious, but not really something I'd worry about in the short-term. This one has some serious potential though. I just thought I'd pass it along to this (and the security) list: "An Ars[technical] story from earlier this month reported that iPhones expose the unique identifiers of recently accessed wireless routers, which generated no shortage of reader outrage. What possible justification does Apple have for building this leakage capability into its entire line of wireless products when smartphones, laptops, and tablets from competitors don't? And how is it that Google, Wigle.net, and others get away with publishing the MAC addresses of millions of wireless access devices and their precise geographic location?" Here's the link: http://arstechnica.com/apple/news/2012/03/anatomy-of-an-iphone-leak.ars Because of AT$T’s new policy to screw over customers with UNLIMITED data plans, I’ve been leaving the wifi enabled on my iPhone. I’ll have to reconsider that now. Cross-posted to the security list as well. -Brian
