automatic connect to _unsecured_ network should not be possible

I posted my question already at but 
didn't get a satisfying answer. Here's what i wrote:

Im not sure whether to file a bug (or enhancement) for the following 
Suppose you are connected to a _secured_ AP with SSID "XYZ". Fine. Now - 
for any reason - this AP is not running/visible/..., but another 
_unsecured_ AP "XYZ" (same SSID!) is available. (Maybe it is 
neccessary, that it uses the same MAC address. Due to lack of 
hardware/knowledge i can't verify that).
Knetworkmanager automatically connects to that unsecured network, while 
the user is still thinking using the normal secured network. A security 
I don't know, if it is possible to "overlay/hide" a network (using more 
power, another channel...)
I tested this behaviour with the same AP: first i created a WPA2 secured 
AP and connected to that. Then i changed the AP to be unsecured. After 
a reboot of my computer, knetworkmanager connects without any warning.
So in my test scenario "both" APs are using the same MAC addresse. But 
for a real "attack" this should be no problem.
It seems that it is sufficient to unplug the power cable of my 
neighbours AP in a very short, unobserved moment, while providing 
a "backup" AP with same SSID/MAC at the same time...
I posted the same question at 
and recieved an answer which i understand to be a confirmation of my 
concern. But still my question where to file a bug report is not 
completly answered. What's your opinion?

Best regards,

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]