I don’t feel that this issue gets enough coverage, so I am adding my voice to the mix in the hope that someday the makers of our popular mobile operating systems will FIX THE ISSUE! What I’m going to discuss is a wireless association vulnerability that was first discovered by Max Moser (site here and his full disclosure) way back in 2004 for Windows XP. Using airbase-ng (part of the Aircrack-ng suite of tools), this same attack works against the latest versions of iOS 5 and iOS 6 (iPhone and iPad), BlackBerry OS, and Android. Apple’s iOS, from AT&T Wireless, even comes with a helpful default profile, so a device can be attacked right out of the box (see Tweet by HD Moore). The only mobile OS that does not have this issue is Windows 8 on the new Nokia phones. I don’t know a soul who has one of these phones, so I hung out in an AT&T Wireless store to conduct my testing. Those Microsoft devices will not associate with any airbase-ng APs that mimic the APs named in the device’s probe packets. Some individuals have tried to tell the world about this issue: a great YouTube video was created by Jeffery Wilkins demonstrating it, and Vincent Costagliola at patctech.com wrote this article mentioning the same issue.
My testing has shown that an iPhone will connect to airbase-ng even if it is already connected to a WPA encrypted access point, just as Max Moser described in 2004.
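The behaviour described above leaves a recognisable footprint on the air: a single BSSID answering probe requests for many unrelated SSIDs, typically as open networks, sometimes for an SSID the client knows as WPA-protected. The following detector is an added example written for this post, not code from the author or from the Aircrack-ng project; it assumes a simplified, constructed CSV log of management frames (timestamp, frame type, BSSID, SSID, privacy bit) rather than a real capture, and a hypothetical `known_protected` set of SSIDs the client expects to be encrypted.

```python
"""Flag Karma-style rogue APs in a log of 802.11 management frames.

A rogue AP that mimics whatever SSID a client probes for is seen
advertising many unrelated SSIDs from one BSSID, usually with the
privacy (encryption) bit clear.
"""
from collections import defaultdict

# Constructed sample log (not a real capture):
# timestamp,frame_type,bssid,ssid,privacy
SAMPLE_LOG = """\
1.000,probe_resp,00:11:22:33:44:55,HomeWifi,1
1.010,probe_resp,00:11:22:33:44:55,HomeWifi,1
1.020,probe_resp,de:ad:be:ef:00:01,HomeWifi,0
1.030,probe_resp,de:ad:be:ef:00:01,attwifi,0
1.040,probe_resp,de:ad:be:ef:00:01,CoffeeShop,0
1.050,probe_resp,de:ad:be:ef:00:01,Airport_Free,0
1.060,beacon,66:77:88:99:aa:bb,CoffeeShop,0
"""


def parse_log(text):
    """Parse the constructed CSV format into a list of frame dicts."""
    frames = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, ftype, bssid, ssid, privacy = line.split(",")
        frames.append({"ts": float(ts), "type": ftype, "bssid": bssid.lower(),
                       "ssid": ssid, "privacy": privacy == "1"})
    return frames


def find_karma_aps(frames, max_ssids=2):
    """Return {bssid: sorted SSIDs} for BSSIDs advertising more than max_ssids SSIDs."""
    seen = defaultdict(set)
    for f in frames:
        if f["type"] in ("probe_resp", "beacon"):
            seen[f["bssid"]].add(f["ssid"])
    return {b: sorted(s) for b, s in seen.items() if len(s) > max_ssids}


def find_downgraded_ssids(frames, known_protected):
    """SSIDs the client knows as WPA-protected that some BSSID advertises as open."""
    hits = {(f["bssid"], f["ssid"]) for f in frames
            if f["ssid"] in known_protected and not f["privacy"]}
    return sorted(hits)


if __name__ == "__main__":
    frames = parse_log(SAMPLE_LOG)
    print("multi-SSID BSSIDs:", find_karma_aps(frames))
    print("open clones of protected SSIDs:", find_downgraded_ssids(frames, {"HomeWifi"}))
```

Feed it frames from a wireless IDS or a monitor-mode capture converted to the same fields, and tune `max_ssids` to the number of SSIDs your own multi-SSID APs legitimately beacon.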