This fault in mobile devices was recently covered in a LinkedIn Pulse article by Niels Kunis. I wanted to do it a little more comprehensively.
When your phone connects to an open WiFi network, it remembers that network afterward. An automatic connection occurs if it ever detects that network again.
For secured networks this isn't a big deal. Your phone reconnects based on the network name and key being the same.
But for unsecured networks, your phone only checks for the name.
I used to be a serious WiFi hopper at McDonald's - for reasons I'll be more vocal about once a 5-year statute of limitation is up - and their free network was always "attwifi."
Connect to attwifi at one McDonald's, your phone will automatically connect from now on at any McDonald's.
Convenient right? Except, what if I set up a portable malicious hotspot called attwifi? I'm carrying it around in a backpack or whatever. Your phone connects automatically. Now it's not much of a leap to do bad things to your phone.
Tools of the trade
Step for a minute into the shoes of someone who wants to take advantage of this, instead of protect against it.
You're going to want a WiFi Pineapple. Then set up an open wireless network with an SSID appropriate for who you want to target.
People who have used McDonald's WiFi before? attwifi.
St. John's studens? sjustudent, sjumobile, or one of their other networks. There are a bunch.
On your Pineapple you'll want to at least employ dsniff, karma and sslstrip. This is a good tutorial focusing on the latter two.
If you don't have a Pineapple, similar results could be achieved with through a laptop with mobile hotspot capabilities.
Or, you know, laptop and router. But portability is a big part of running this scheme successfully.
For any mobile device, you can turn off your WiFi when not on a network you absolutely trust. Have your phone "forget" open networks after you connect to them.
If you're running Android, the app Open WiFi Cleaner automates this for you. It's rather basic but gets the job done.
There isn't anything like this on iOS because Apple disallows apps from changing wireless settings.
Your phone is trusting to a fault.
Open wireless networks shouldn't be judged by their SSIDs.
A little paranoia beats having your identity or Bitcoin stolen, opening yourself up to blackmail, etc.