by willhackett 721 days ago
Exactly this. Apple devices in fact use a domain https://captive.apple.com/ to detect when to redirect to a captive portal which will grant the user access to the internet. HTTPS isn't used here because the captive experience is to re-write all DNS lookups to a local IP to serve the captive experience.

This experience would just redirect the user to a site they've never been to before, say: wa-man-likes-your-data.com. This could have a legitimate signed cert from anywhere and look legitimate to the device with a lock icon. Put the airline's logo and a form for PII, wait a couple of hours and you've collected a plane load of data.

I used to think about doing something similar but as an education campaign. Similar to Phishing Simulators at large corporates, I had the idea to display a captive page that explained what the user did and how they can learn to avoid it in future.

Apple & Google should really make it clearer on phones that users are joining untrusted networks, especially any network not implementing Wi-Fi Certified Passpoint (Hotspot 2.0).

1 comments

As I understand it, it would be http://captive.apple.com so that the captive portal can intercept and write their own login.

Yes, my brain auto-corrected me to HTTPS.