Apple and AT&T Will Learn that User Agents are no good for access control

Posted by Martin in Browsing, Hacking, Security, The Web  Tags: , , , ,

2

May


Apple iPhone users can access the Internet free of charge through AT&T hotspots, that’s what Macrumors is reporting. That’s a great additional feature for iPhone users and apparently for everyone else as well. The way of determining if a device is eligible for free access is by checking the User Agent of the device. We all know what it is very easy to spoof the User Agent of any browser. All that needs to be done now is to change the User Agent of the browser to the User Agent of the iPhone’s browser.

The User Agent of the iPhone browser is Mobile Safari 1.1.3 - iPhone. A user with Firefox or Opera could now easily change his User Agent to the one used by the iPhone to access the Internet without costs at every AT&T hotspot. One possible add-on that can be used for Firefox would be the User Agent Switcher.

User Agents are definitely not a secure way to protect a network or website from unauthorized access. The same can be said for referrer checks which are as insecure. It probably will only be a matter of time when AT&T decided to change the way the free access is granted to the iPhones only. Probably through a small application that is run on the iPhone instead.


Related Posts

2 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
MyAvatars 0.2
Dante says, May 3rd, 2008   

Now, THIS, I have to try. Might even set up a man-in-da-middle hack to see what the mactards out there are doing :)

MyAvatars 0.2
Read 20 Digital Magazines for Free says, May 27th, 2008   

[...] Iphone owners get more. They get free Wireless access at AT&T Hotspots, which no longer is that easy to defeat and now they also get [...]

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Comments may need to approved by admin. so there's no need to resubmit your comments.