EFF: iOS 11’s misleading “off-ish” Bluetooth, Wi-Fi setting bad for user security

Electronic Frontier Foundation blog:

Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage). When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi-Fi settings are doing what you want them to. The iPhone’s newest operating system, however, makes it harder for users to control these settings.

We’ve discussed the Control Center controls and icons in this Loop post.

In a nutshell, when you tap the WiFi or Bluetooth icons in Control Center, you’ll drop/restore the current connection, but without turning off the respective radio. And that’s the EFF’s complaint.

Instead, what actually happens in iOS 11 when you toggle your quick settings to “off” is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on.

All true.

Apple’s UI fails to even attempt to communicate these exceptions to its users.

A small point, but I disagree with this. Once you see the difference between the off icon state and the disconnected state, it’s clear what’s going on. There’s also helper text, like “Disconnected from XXX”, where XXX is your WiFi network name.

The more important issue:

It gets even worse. When you toggle these settings in the Control Center to what is best described as “off-ish,” they don’t stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well.

The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections.

My two cents? Make the controls default to the safest possible behavior, then expose settings that allow me to go to a more relaxed, less secure state for a specific benefit (battery savings, better communications, etc.).

UPDATE: As pointed out by my unrelated name-sharer and Loop reader Jason Mark, Airplane Mode does not impact the WiFi or Bluetooth radios, as EFF claims. An easy mistake, but worth clarifying. Give this a try on your iOS 11 device.