Risks of just connecting to pineapple

[Johnnie]

Hi,

Normally I never use open networks and this gave me some (false?) sense of security against hotspot honeypots. But as I'm playing around with Wifi Pineapple these days I'm connecting my phone to my own honeypot it made me thinking: Say I forgot to clear those networks and went outside and my phone connected to another honeypot. What would be the implications of this? I'm not going to use the network obviously but can the attacker run some sort of attack even in this case?

Just trying to understand all aspects of risks involved with this tool.

Thanks.

[TwistedPacket]

If your phone connect's to the rouge network.the hacker can scan your phone.. Sniff traffic etc. There is a way to even Jailbrake iPhone's secretly when connected to a rouge AP and install hidden apps. On Android you just spoof an update then PWNED!

-Tp

[Johnnie]

That sounds scary. I use an Android and then it is entirely possible to get hacked even without using the network.

I recently sticked an NFC tag on my door. Whenever I'm going out I'm touching my machine which launches a program to disable WiFi completely. I figured I don't need Wifi running when I'm out anyway. Not the ultimate solution obviously, but hope it helps a little.

Thanks for the info.

[Foxtrot]

If your phone connect's to the rouge network.the hacker can scan your phone.. Sniff traffic etc. There is a way to even Jailbrake iPhone's secretly when connected to a rouge AP and install hidden apps. On Android you just spoof an update then PWNED!

-Tp

Would you elaborate on the Secretly jailbreaking iPhone attack? I didn't think that was possible.

-Foxtrot

[TwistedPacket]

Would you elaborate on the Secretly jailbreaking iPhone attack? I didn't think that was possible.

-Foxtrot

I think its going to be relased at Blackhat this year. .

-Tp

[Foxtrot]

I think its going to be relased at Blackhat this year. .

-Tp

Hmm, cool... Because jailbreaking has always required USB access to perform a bootrom exploit, like limera1n on PC, or a userland exploit like JailbreakMe, and the Last userland exploit found was in 4.3.3 i think.... But thats a different thread lol :p

-Foxtrot

[TwistedPacket]

The exploit occurred when the phone was plugged in to charge. The way I understand it is that the IOS code that this is using has to do with verifying AC power. Not sure how it works to be honest :)

-Tp

[kyhwana]

If you connect to a honeypotted AP it depends on what traffic you do over it. If you don't pay attention and login to facebook/gmail/etc that's had SSL stripped or ignore any SSL warnings, you're boned.

There are also apps that use SSL but don't verify SSL certificates. If you use one of these apps and there's someone evil in between you, you can still get boned..

[Johnnie]

If you connect to a honeypotted AP it depends on what traffic you do over it. If you don't pay attention and login to facebook/gmail/etc that's had SSL stripped or ignore any SSL warnings, you're boned.

There are also apps that use SSL but don't verify SSL certificates. If you use one of these apps and there's someone evil in between you, you can still get boned..

Sure, but my scenario was not using the network deliberately. I'm already familiar with the risks of that. But can't control what and how every app is sending automatically in the background so that may be a vulnerability I guess.

[telot]

If you connect to a honeypotted AP it depends on what traffic you do over it. If you don't pay attention and login to facebook/gmail/etc that's had SSL stripped or ignore any SSL warnings, you're boned.

There are also apps that use SSL but don't verify SSL certificates. If you use one of these apps and there's someone evil in between you, you can still get boned..

Can you verify sslstrip works on some apps? I've not had any luck with it. Moxie has an awesome right up on his site about how the prevalence of apps is a huge boon for ssl-related security due to the fact the apps don't have to conform to browsers. Any info would be appreciated kyhwana!

telot