Your new Mac; Powerful, Easy to use and possibly vulnerable. Wait, what?

29. April 2013 Security 0

A topic i touch on almost daily, i have no idea why i haven’t written about this sooner. Thanks to Troy Hunt for inspiring me to write it now.

When you buy your new Mac, iPhone, iPod Touch or iPad, chances are big one of the helpful employees in an Apple Store helps you set it up. It’s part of the experience when shopping in an Apple Store. They might walk you through initial setup, downloading some apps and setting up your e-mail, making sure you leave the store with a device that’s ready to go. A similar process, though less often, is done for Macs. The initial setup is done, you may get some help with setting up your e-mail and a quick overview of FaceTime, Safari, iCloud etc.

Whatever the staff helps you with during that first time setup, one step is always the same; let’s connect you to the internet. This is usually a free Apple owned Wi-Fi network named “Apple Store” or “Apple Demo”. You don’t think anything of it and without it, well, you miss out on a lot during that setup.

The same goes for Genius Bar appointments, Personal Training and Workshops. You walk into an Apple Store and most likely you’ll end up connecting one of the free networks one way or another.

So what’s the big deal? I have mentioned the risks of free and unprotected Wi-Fi before and have explained how easy it is to have your information stolen on such networks. (I also have a draft of a post somewhere talking all about Man In The Middle (MITM) attacks, this should be online soon).

Your Mac (and iDevice) has a setting that makes it very easy for you to connect to Wi-Fi networks you have connected to in the past. Open or password protected, if you have joined it before, your Mac remembers and will automatically join it again next time you get in range. This way you can just close your laptop at home, go over to Starbucks, open the screen and voila you are connected to the Starbucks Wi-Fi and of course the same happens once you come home again. Go to System Preferences > Network > Wi-Fi and click the Advanced button. The list you see are all the networks your Mac has remembered for you. See if “Apple Store” or “Apple Demo” is one of them.

Picture credit: Troy Hunt, troyhunt.com
Picture credit: Troy Hunt, troyhunt.com

Long story short, someone can set up a fake network called “Apple Store” or “Apple Demo” and monitor all the traffic that is sent/received over that network. Your Mac or iDevice will connect to it, no questions asked, you may not even notice. As almost every device that leaves an Apple Retail Store has one of these networks set up, this creates quite a security risk.

To prevent this from happening, delete the Apple Store networks from your ‘Preferred Networks’ list. Keep in mind this goes for any free/unsecured Wi-Fi, remember this next time you connect to one of those network and uncheck the “remember this network” box before you connect or delete it from the list when you are done with that network.
Have a look at Troy Hunt’s article here, it also has screenshots and steps on how to prevent this from happening to your iDevices. The reason i kept this post short is because he pretty much already covered all there is to say, it’s a good read.


Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.