There’s an easy workaround to a vulnerability in iOS 11 that alarmed privacy advocates at the EFF.
Last week the Electronic Freedom Foundations’ Andrés Arrieta sounded the alarm about a security loophole in iOS 11:
On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”
Instead, what actually happens in iOS 11 when you toggle your quick settings to “off” is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple’s UI fails to even attempt to communicate these exceptions to its users.
It gets even worse. When you toggle these settings in the Control Center to what is best described as”offish,” they don’t stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well…
Closing this loophole would not be a hard fix for Apple to make.
My take: These control settings clearly ARE misleading. Arrieta is right about that. Whether access to Apple Watch, Hotspot and Location Services constitutes a real security threat is harder to say.
What is clear are Apple’s instructions for turning off Wi-Fi and Bluetooth:
Turn off Wi-Fi and Bluetooth
If you want to completely disable Wi-Fi and Bluetooth for all networks and devices, follow these steps:
- To turn off Wi-Fi, go to Settings > Wi-Fi and turn off Wi-Fi.
- To turn off Bluetooth, go to Settings > Bluetooth and turn off Bluetooth.
Note: These instructions were posted two weeks before Arrieta’s EFF piece. I found them on Apple.com under Use Bluetooth and Wi-Fi in Control Center with iOS 11.