Apple and AT&T Will Learn that User Agents are no good for access control - gHacks Tech News

Macrumors is reporting that Apple iPhone users can access the Internet free of charge through AT&T hotspots. That's a great additional feature for iPhone users, and apparently for everyone else as well, because eligibility for free access is determined by checking the User Agent of the device. Each browser identifies itself through the User Agent when it connects to the Internet, and that string may reveal information about the operating system, language or version.

We all know that it is very easy to change the User Agent of any browser to a custom string. You can set it to anything you want, including the User Agent of a different device or browser, to make services believe you are using that device or browser. All that needs to be done here is to change the User Agent of the browser to the User Agent of the iPhone's browser.

The User Agent of the iPhone browser is Mobile Safari 1.1.3 - iPhone. A user with Firefox or Opera can now easily change his User Agent to the one used by the iPhone to access the Internet at no cost at every AT&T hotspot. One add-on that can be used for this in Firefox is the User Agent Switcher.

User Agents are definitely not a secure way to protect a network or website from unauthorized access. The same can be said for referrer checks, which are just as insecure. It will probably only be a matter of time before AT&T changes the way the free access is granted, probably through a small application that needs to be run on the iPhone, or by adding other types of verification to the process.

Update: It is unlikely that this hole will remain open for too long though.
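To make the difference concrete, here is an added example (not code from AT&T, Apple or the original article) that puts a User Agent check beside a check based on a token only the server can issue. The marker string, the `X-Access-Token` header, the key and the token layout are all assumptions made up for this illustration.

```python
import hashlib
import hmac
import time

# Constructed values for illustration only (assumptions, not real identifiers).
ELIGIBLE_UA_MARKER = "ExamplePhone"      # hypothetical device marker
SERVER_KEY = b"constructed-demo-key"     # hypothetical secret held by the server


def ua_gate(headers):
    """Weak gate: the decision rests on a header the client writes itself."""
    return ELIGIBLE_UA_MARKER in headers.get("User-Agent", "")


def _tag(payload):
    """HMAC-SHA256 over the payload, keyed with the server-side secret."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(account_id, ttl=3600, now=None):
    """Minted by the operator after it has authenticated the subscriber.
    account_id must not contain '|' (the field separator)."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{account_id}|{expires}"
    return f"{payload}|{_tag(payload)}"


def token_gate(headers, now=None):
    """Stronger gate: access depends on a value the client cannot forge."""
    parts = headers.get("X-Access-Token", "").split("|")
    if len(parts) != 3:
        return False
    account_id, expires, tag = parts
    expected = _tag(f"{account_id}|{expires}")
    # Constant-time comparison on bytes; a forged or altered tag fails here.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    if not expires.isdigit():
        return False
    return int(expires) > (time.time() if now is None else now)


if __name__ == "__main__":
    # Constructed request from a client that is not an eligible device.
    other = {"User-Agent": "Mozilla/5.0 (ExamplePhone)"}
    print("ua_gate:", ua_gate(other), "token_gate:", token_gate(other))
```

The header check admits any client that sends the marker, while the token check admits only requests carrying a value the server issued and that has not expired.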

Comments

  1. Dante said on May 3, 2008 at 5:19 am

    Now, THIS, I have to try. Might even set up a man-in-da-middle hack to see what the mactards out there are doing :)
