"Stalker" App Eavesdrops on iPhone Traffic
A researcher has found that Apple iOS products broadcast the previous three MAC addresses of those routers/access points you last connected to. Researcher Mark Wuergler of Immunity found that these MAC addresses can then be matched their geographic location allowing an attacker could figure out where your home is, your office might be, and what Starbucks you frequent. This is not a feature that Apple users can disable.
Microsoft has a similar feature in Windows that stores frequently used access points. The point is to speed re-connection the next time you encounter the access point. But Microsoft stopped broadcasting this list since the release of Windows XP SP3, passively recognizing a frequently used access points instead. Apparently Apple needs to follow Microsoft's lead.
To illustrate his point, Wuergler created an app known as "Stalker." Running on a laptop, Stalker collects MAC address leakage from Apple iOS products. But Wuergler also found that he could collect the unencrypted data on those networks as well, so Stalker also collects passwords, images, email and any other unencrypted data following from your iOS-based phone or tablet, organizing the data into an easy-to-read graphical user interface. Thus, he's able to see what you see on your Apple phone or tablet when using a WiFi connection.
From Ars Technica:
Stalker relies on what its author calls a “Man Within Range of You” attack. Unlike man-in-the-middle exploits—in which a hacker sits between the victim and the site he’s connecting to and monitors or tampers with data as its passed from one to the other—the app plucks data from radio signals transmitted in the vicinity of the smartphone and relies on the same airwaves to broadcast spoofed information back to the targeted device. When successful, so-called race conditions work by zapping the falsified data to the target before the legitimate source can.
Wuegler told Ars Technica, "I do use my phone on wireless networks, but I don't store a lot of personal data on my phone." He continued, "If you put your personal data on there, you don't even need to be connected to a wireless network for me to be able to break into your phone."