attwifi SSID and the iPhone’s Secret Relationship

attwifi SSID and the iPhone’s Secret Relationship

AT&T iOS 5 iPhones have a special behavior when it comes to the SSID “attwifi”. Based on my testing iOS 5 iPhones automatically connect to the attwifi SSID even without user intervention.

To confirm this I did below.

1) Moved phone to a place with “attwifi” SSID (this should work with any access point configured with attwifi SSID..but haven’t tested)

2) Reset all network settings on iPhone by going to General > Reset > Reset Network Settings

3) iPhone will reboot with no known / preferred WiFi networks but will be connected to a WiFi network!

3) Checking the Settings confirms the connected network is using SSID attwifi

4) Once connected you can turn off “Auto-Join” which is similar to the “Forget Network” option available for other SSIDs.

iPads don’t autoconnect to the attwifi SSID but the “Auto-Join” feature is there for the attwifi SSID.

Why Do iPhones Auto Connect to attwifi SSID?

I can only think of one good reason for this “feature”….3G offload…if AT&T WiFi is available (assuming attwifi ssid is operated by AT&T) they would prefer data traffic use WiFi network instead of cellular network.

The most important reason not to have this behavior enabled by default is related to security. Apple is exposing iPhones users to Man-in-the-Middle (MiTM) attacks.

A man-in-the-middle (MITM) attack occurs when an attacker inserts himself between two devices and is able to read, insert, modify messages between the two devices.

The most difficult part of a MITM attack in wired networks is getting in the middle without being detected. Usually this requires physical access to the network increasing the chances of being discovered.

In wireless network an attacker can insert his device in the the path of communication remotely and never expose himself making this one of the most dangerous types of wireless attacks. A MITM attack can be used to break connections such as SSL, SSH and VPN.

A wireless MITM utilizes a rogue access point, rogue station and phishing to exploit a user connected to the wireless network. Usually the rogue access point is implemented as a software based AP using a PC with dual wireless network interfaces.

Man-In-The-Middle Attack


How to Stop “Auto-Join” to attwifi SSID

Connect to attwifi SSID then go to Settings > WiFi > attwifi and turn off “Auto-Join”. This setting will remain even after network setting resets.

If you liked this post, subscribe using below

WLAN Book RSS Feed

RSS Email WLAN Book by Email


Filed under: WLAN Security

Comments are closed.