Apple and AT&T Will Learn that User Agents are no good for access control

Status
Not open for further replies.

Osiris

Golden Master
Messages
36,817
Location
Kentucky
Apple iPhone users can access the Internet free of charge through AT&T hotspots, that's what Macrumors is reporting. That's a great additional feature for iPhone users and apparently for everyone else as well. The way of determining if a device is eligible for free access is by checking the User Agent of the device. We all know what it is very easy to spoof the User Agent of any browser. All that needs to be done now is to change the User Agent of the browser to the User Agent of the iPhone's browser.
The User Agent of the iPhone browser is Mobile Safari 1.1.3 - iPhone. A user with Firefox or Opera could now easily change his User Agent to the one used by the iPhone to access the Internet without costs at every AT&T hotspot. One possible add-on that can be used for Firefox would be the User Agent Switcher.
User Agents are definitely not a secure way to protect a network or website from unauthorized access. The same can be said for referrer checks which are as insecure. It probably will only be a matter of time when AT&T decided to change the way the free access is granted to the iPhones only. Probably through a small application that is run on the iPhone instead.

Apple and AT&T Will Learn that User Agents are no good for access control
 
Status
Not open for further replies.
Back
Top Bottom