Any wireless network can be posed as an AT&T Wi-Fi hot spot and thus trick iPhone users into an untrusted network connection making them vulnerable to attack. Iphones can be subject to such "man-in-the-middle" attacks because the devices are preconfigured to associate attwifi as AT&T Wi-Fi hotspots.
If an iPhone had been previously connected to an AT&T Wi-Fi zone then the device will ignore the MAC address requirement for automatic connection. No other form of authentication would be needed for the device to trust the network. As iPhones auto join the "hotspot" connection named attwifi, a would-be attacker could easily redirect the devices or steal credentials as they go to websites or more.
Solution: It is possible to disable the automatic joining of the AT&T Wi-Fi network, but you must be connected to such a network in order to change the preference.
Source: https://news.cnet.com/8301-27080_3-20003455-245.html?tag=mncol;txt
Samy Kamkar: an independent researcher based in Los Angeles