Security Expert Raul Siles from Help Net Security has revealed a vulnerability in all major mobile operating systems, except BlackBerry 10. The vulnerability exists in the method the devices use to detect and connect to Wi-Fi networks.
Siles says that every time the Wi-Fi of a device is turned on, the device starts checking through 802.11 probe requests for networks on a periodic basis. The probe requests search for networks on the device’s Preferred Network List (PNL), and once an appropriate response is obtained, it tries connecting to the network.
With the way the devices connect to a network, a skilled hacker could create a fake network thereby capturing a device and manipulate it. The reason being due to the network discovery process is performed by sending out a generic probe request as an open broadcast with specific requests.
“This situation has been known since 2004; Microsoft fixed it for Windows XP in 2007 and recently in Windows Phone devices but it seems the other mobile device vendors are not as concerned,” says Siles.
The issue does not appear to be prevalent in BlackBerry 10. However, users of BlackBerry 7.x can resolve the issue by enabling the “SSID broadcasted” option from the advanced Wi-Fi settings of the device.