Apple Says ‘KRACK’ Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas

Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore‘s Rene Ritchie this morning.

The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon.

A KRACK attack proof-of-concept from security researcher Mathy Vanhoef

Disclosed just this morning by researcher Mathy Vanhoef, the WPA2 vulnerabilities affect millions of routers, smartphones, PCs, and other devices, including Apple’s Macs, iPhones, and iPads.

Using a key reinstallation attack, or “KRACK,” attackers can exploit weaknesses in the WPA2 protocol to decrypt network traffic to sniff out credit card numbers, usernames, passwords, photos, and other sensitive information. With certain network configurations, attackers can also inject data into the network, remotely installing malware and other malicious software.

Because these vulnerabilities affect all devices that use WPA2, this is a serious problem that device manufacturers need to address immediately. Apple is often quick to fix major security exploits, so it is not a surprise that the company has already addressed this particular issue.

Websites that use HTTPS offer an extra layer of security, but an improperly configured site can be exploited to drop HTTPS encryption, so Vanhoef warns that this is not a reliable protection.

Apple’s iOS devices (and Windows machines) are not as vulnerable as Macs or devices running Linux or Android because the vulnerability relies on a flaw that allows what’s supposed to be a single-use encryption key to be resent and reused more than once, something the iOS operating system does not allow, but there’s still a partial vulnerability.

Once patched, devices running iOS, macOS, tvOS, and watchOS will not be able to be exploited using the KRACK method even when connected to a router or access point that is still vulnerable. Still, consumers should watch for firmware updates for all of their devices, including routers.

Ahead of the release of the update that addresses the vulnerabilities, customers who are concerned about attacks should avoid public Wi-Fi networks, use Ethernet where possible, and use a VPN.

How Apple, Google and Microsoft are addressing the KRACK Wi-Fi vulnerability

Ah, WPA2 (Wi-Fi Protected Access): you’ve protected our Wi-Fi so well for so many years now.

Unfortunately, that illusion of safety was shattered earlier today when security researcher Mathy Vanhoef reported a vulnerability in the WPA2 handshake protocol that he’s calling KRACK (for “Key Reinstallation Attack). Since almost every modern Wi-Fi device uses it, that effectively means every modern Wi-Fi compatible device is vulnerable. You’ll find more information about it in our earlier coverage.

Fortunately, Apple, Google and Microsoft have all already issued statements saying they’ve addressed the issue in some form or another. 

Microsoft, in fact, has already addressed the vulnerability, along with an exhaustively detailed list of the changes it made. You should be able to protect your PC or any other Windows-powered device with a simple update.

“Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically,” the company said in a statement. “We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.”

  • Check out our best VPN guide; any of the top-rated VPN services is likely to be good enough to protect you, even with KRACK around.

Apple informed Rene Ritchie of iMore that it had already patched the vulnerability in the betas for iOS, tvOS, watchOS and macOS. However, these betas are still largely only available to developers, but they should, hopefully, go out to consumers relatively soon.

Google, meanwhile, said that it is working on resolving it.

“We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” the Mountain View, California company said in a statement to CNET.

The Wi-Fi Alliance, a nonprofit agency that certifies products for Wi-Fi security, announced that it would start testing for the vulnerability as part of its standard program.

“Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member,” the organization said in its statement. “Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches.”  

The agency also said in the same statement that a “straightforward software update” should fix the issue, and the actions being taken by Microsoft, Apple and Google seem to confirm that.

So, if you’re using an iOS or Android device, try to stay off of public Wi-Fi networks for now. If you absolutely must use public Wi-Fi, make sure you stick to secured sites that have HTTPS in their web address. And, of course, hope that Google and Apple roll out their patches soon.

  • Need a new Wi-Fi router? Black Friday could be the best time to buy one

Wifi WPA2 security cracked: Android & Linux most vulnerable, but iOS and macOS too [Video]

WPA2 – the encryption standard that secures all modern wifi networks – has been cracked. An attacker could now read all information passing over any wifi network secured by WPA2, which is most routers, both public and private.

Android and Linux are particularly vulnerable, being described as ‘trivial’ to attack, but all other platforms are vulnerable too, including iOS and macOS …

NordVPN

The flaw in WPA2 was discovered by Mathy Vanhoef, a postdoc security researcher in the computer science department of the Belgian university KU Leuven.

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks […] Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks […]

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected […] If your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks

A proof of concept shows an attack against an Android smartphone, as devices running Android 6.0 or higher are especially vulnerable. In addition to allowing data to be decrypted, they can also be easily fooled into resetting the encryption key to all zeroes.

However, Vanhoef emphasizes that all platforms are vulnerable, and that although attacking Macs proved a tougher challenge initially, he has since found a much easier way to do it.

We can take some comfort from the fact that the attack only decrypts data encrypted by the wifi connection itself. If you are accessing a secure website, that data will still be encrypted by the HTTPS protocol. However, there are separate attacks against HTTPS that could be employed.

The attack works by exploiting the comms that goes on when a device joins a wifi network. There is a 4-step process used to confirm first that the device is using the correct password for the wifi router, and then to agree an encryption key that will be used for all the data sent between them during the connection.

In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.

The practical implication of this is, if you know any of the contents of the data that have been sent between the device and the router, you can use that known data to work out the encryption key. As Vanhoef points out, there is almost always going to be known data being passed at some point, so you have to assume that the encryption can always be cracked. Even if you don’t know any of the content, a sufficient volume of English text would be enough to break the encryption.

With Android and Linux, an attacker doesn’t even have to do that much work: the attacker can simply reset the encryption key.

The good news is that Vanhoef says that WPA2 can be patched to block the attack, and the patch will be backward compatible. Once a patch is available for your router, you should update the firmware without delay.

The Wi-Fi Alliance has issued a security advisory thanking Vanhoef for his work, stating that it is aware of the issue and that major platform providers have already started deploying patches. It says there is no evidence that the attack has been used in the wild, though the research paper notes that such attacks would be difficult to detect.

TPCAST Announces Wi-fi Aid for Oculus Rift

SAN JOSE, Calif.–(Enterprise WIRE)–Oculus Link (OC4) – TPCAST, the leader in wireless digital
reality (VR) know-how, announced right now that it is functioning on a
wireless adapter for the Oculus Rift headset. TPCAST is the very first to
introduce a business Wi-fi Adapter for Virtual Reality, which
preserves the video clip quality and application functionality. The TPCAST
option has been shipping and delivery in output and demonstrating high video clip
quality and low latency.

The present-day high-conclusion VR HMDs are pushed by a cable transmitting the
video clip, voice, data, and electric power utilizing HDMI, USB, and electric power connectors.
The major-responsibility wire limitations the VR expertise by tying the person to a
server and proscribing the liberty of motion. With the TPCAST wireless
option, Rift users will attain an improved expertise, as they roam
all over freely and perform online games, though preserving the same high quality as
a conventional wired relationship.

“TPCAST is dedicated to guidance the Oculus Rift HMD with our one of a kind
wireless know-how solutions, and supply VR users a high-quality,
immersive VR come upon,” said Michael Liu, TPCAST CEO. “With the
TPCAST wireless adapter, we will be transforming the VR usage and expertise
by delivering the full liberty of motion with no cables hooked up.”

The wireless adapter supports 2K video clip transmission at 90Fps with sub
2ms latency. The adapter comes with a battery to electric power the headset and
the wireless module and can previous for 5 hrs of operation. This wireless
adapter gives company content material developers the liberty to make much more
impressive content material in numerous industries which include automotive, healthcare,
oil & gasoline, true estate and much more.

“We have been applying the TPCAST wireless option everyday for the past
thirty day period and it truly can take VR experiences to the following amount. TPCAST
guidance for Oculus Rift, a person of the top HMD distributors, is a excellent acquire
for the full VR local community,” explained Karl Krantz, CEO of SVVR.

Item Availability

TPCAST has been shipping and delivery the know-how in China for the past 6 months
and is concentrating on on owning the Wi-fi Adapter for Oculus Rift
obtainable by the conclusion of Q4 2017.

About TPCAST:

Creator of the very first business wireless digital reality option,
TPCAST’s vision is to unleash the VR environment by taking away cables now
built-in to all VR/AR/MR head-mounted shows (HMDs). The company’s
patent-pending systems allow hugely economical bi-directional
communications involving the Computer system and a VR HMD with close to-zero latency. The
firm has its mental assets legal rights in the fields of wireless
communications and digital reality. Its mission is to operate with all
functions in the VR marketplace which include HMD manufacturers, recreation developers,
content material providers, GPU makers, and important VR know-how providers to
provide the best wireless VR expertise to buyers and company
users.

Oculus’ prototype Santa Cruz headset feels like a wi-fi Oculus Rift

Upcoming calendar year, developers will start off actively playing with Oculus’ next-technology VR headset: a wi-fi method codenamed Santa Cruz. Facebook VR chief Hugo Barra stresses that Santa Cruz is a prototype, not a business product. But he tells The Verge it’s “very representative” of exactly where the business is heading, and “realizable” as a consumer headset. So in a number of several years, Oculus hopes to offer one thing that delivers a whole lot of higher-end Rift characteristics, but without having any of the intricate set up, or the want for a independent Laptop.

At this year’s Oculus Hook up clearly show, the business hustled reporters by a speedy Santa Cruz demonstration, wanting to clearly show that the know-how is effective. As generally, these demos were being really managed, tailored to spotlight Santa Cruz’s strengths and avoid demonstrating its flaws. But as considerably as I can tell, Santa Cruz does work. It’s the most promising VR headset I have attempted this calendar year, even if it’s way far too early to get psyched about a consumer release.

Like final year’s Santa Cruz prototype, this headset appears to be like a whole lot like a wi-fi Rift, and tracks motion with huge-angle cameras all-around its edges. Oculus has launched a softer condition with rubber straps, as perfectly as a pair of movement controllers, which are geared up — like the existing Oculus Contact controllers — with infrared LEDs that people cameras can track.

When it’s difficult to make direct comparisons in such a quick demo, Santa Cruz feels heavier than the Rift, but not as chunky or entrance-loaded as Oculus’ Equipment VR. The display and discipline of view come to feel similar to the Rift’s, and the controllers have similar ergonomics to Contact, while the structure is simplified and the 50 percent-moon monitoring strip has been flipped earlier mentioned the wearer’s fingers, so it’s simpler for a head-mounted camera to see.

Technically, I obtained two demos with Santa Cruz: a hangout session with Oculus’ doggy-like alien “mascot” Bogo, and a shootout in the Rift’s Wild West gunslinging activity Dead and Buried. The two felt practically indistinguishable from utilizing a Rift. I suffered a couple of small glitches — the floor seemed indescribably “off” for a person split second when I was picking up a adhere, and my fingers would drift if I set them at the very edge of my peripheral vision — but for any organic movement the video games required, I was high-quality.

This may possibly not mirror Santa Cruz’s authentic-globe overall performance, due to the fact Oculus set me in a perfectly-lit space with a patterned flooring, featuring plenty of edges for a monitoring camera to detect. But Santa Cruz matched the Rift’s monitoring abilities there, and was in fact superior than the Rift’s basic two-camera set up, which just can’t track controllers if you’re blocking its view.

The encounter felt similar to utilizing Microsoft’s Home windows Blended Truth headsets, which also characteristic within-out monitoring and movement controllers. But Santa Cruz presents the independence of a certainly wi-fi headset, and Oculus’ controllers are considerably a lot more cozy and less cluttered than Microsoft’s. (I only employed the triggers in my demo, nevertheless, so I have not examined the trackpad — which, due to the fact it’s a main new characteristic, is a minor frustrating.) By contrast, it’s a whole lot a lot more formulated than Google’s within-out monitoring headset, at minimum when I attempted it before this calendar year.

Santa Cruz is less potent than a VR-completely ready Laptop, while its actual components is a secret. Neither of my demos showcased big or semi-photorealistic environments, so I’m not positive just how large the overall performance hole is. Barra states developers can produce “very similar ordeals to what they get on Rift,” but with a decrease polygon rely and less “scene complexity.” I talked to a couple of developers all through Rift demos later, and both seemed confident about porting their video games to Santa Cruz, with some optimization.

The Rift and Equipment VR are driven by desktops and telephones, but we don’t know how Santa Cruz’s operating method will work, or how open it will be. “You’ve seen some of the things that we have carried out on Rift lately to permit people, specially electric power people — if they want to carry applications from other resources, they can,” explained Barra, when I asked if Oculus’ cell headsets would be walled gardens. “We’re quite committed to that idea, for the reason that we just really like the simple fact that electric power people really like our system.”

Barra states that we’ll be mastering a lot more about Santa Cruz in a number of months, and developers should to be utilizing it quickly following that. For now, it truly does come to feel like a rough variation of a purposeful consumer headset. In simple fact, I’d be delighted to use it correct now — if (and which is a large if) its day to day overall performance is as good as my demos.

In iOS 11, toggling Wi-Fi and Bluetooth ‘off’ doesn’t work. Here’s why.

Apple users have unwittingly discovered a new feature after installing iOS 11 on their mobile devices: when you toggle your Wi-Fi and Bluetooth quick settings to “off” those services remain on for Apple services.

For example, Location Services is still enabled, and Handoff and Instant Hotspot stay on, even when iPhones and iPads are put in “Airplane Mode.”

The change in iOS 11 has come under criticism because it could expose users to security risks.

Because iOS 10 allowed users to perform a quick swipe in the Control Center to toggle Wi-Fi and Bluetooth fully off, users reasonably believe they had the same capability in iOS 11.

In in a blog post, the Electronic Frontier Foundation (EFF) criticized Apple for failing “to even attempt to communicate these exceptions to its users.”

In addition to not fully turning off Wi-Fi and Bluetooth, iOS 11 also automatically reactivates the latter at 5 a.m. the following day.

“When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi-Fi settings are doing what you want them to,” the EFF said. “This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well.

“It gets even worse,” the EFF continued. “When you toggle these settings in the Control Center to what is best described as ‘off-ish,’ they don’t stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location.”

Apple has not commented publicly on the connectivity issue. But after Computerworld requested a comment about the issue via email, Apple directed it to a support document explaining the use of Bluetooth and Wi-Fi in Control Center with iOS 11.

In order to completely disable Wi-Fi and Bluetooth for all networks and devices, users must now go to “Settings” and turn each one off individually.

Apple did not say, when asked, whether it plans to change the Control Center functions back to those used in iOS 10 to ensure users can fully disable local network connections with a simple swipe.

Apple’s new support document explains that while an iOS device will immediately disconnect from Wi-Fi and Bluetooth accessories using the on-off toggle swipe, both Wi-Fi and Bluetooth will continue to be available, “so you can use these important features.”

The document lists all the features that will continue to operate even while Airplane Mode is activated. Those services include: AirDrop, AirPlay, Apple Pencil and Apple Watch, along with Continuity features such as Handoff, Instant Hotspot and Location Services.

“When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems,” EFF said. “A user has no visual or textual clues to understand the device’s behavior, which can result in a loss of trust in operating system designers to faithfully communicate what’s going on.”

Because mobile users rely on the operating system as the bedrock for most security and privacy decisions, no matter what app or connected device they may be using, “this trust is fundamental,” the EFF said.

“In an attempt to keep you connected to Apple devices and services, iOS 11 compromises users’ security. Such a loophole in connectivity can potentially leave users open to new attacks. Closing this loophole would not be a hard fix for Apple to make.

“At a bare minimum, Apple should make the Control Center toggles last until the user flips them back on, rather than overriding the user’s choice early the next morning,” the privacy group said.

Charles Golvin, a research director for Gartner, said Apple’s choice to passively enable Wi-Fi and Bluetooth behind the scenes is unusual for a company that prides itself on offering transparent and predictable device behaviors.

“It’s kind of counter to Apple’s DNA,” he said.

While the new settings don’t open up new security risks, what they do is expose users to known Wi-Fi and Bluetooth connectivity issues.

For example, a Bluetooth-enabled device is almost always listening for unicast traffic targeted to it, even when it is not set on “discoverable mode,” according to a study by Armis Labs. “For this reason, to establish a connection, the initiating party only needs to know the [Bluetooth device address, MAC address] of the target device. Once an attacker acquires it, and is in physical proximity of the device (RF range) he or she can reach the surprisingly wide attack surface of its listening Bluetooth services.”

“Essentially, it comes down to both data being exposed and connections being established that are potentially uninvited or unwanted,” Golvin said.

Over time, he said, users will likely learn more about the new Wi-Fi and Bluetooth connectivity settings in iOS 11 – and users who care enough about them will no longer inadvertently leave them on.

IDC analyst William Stofega, however, said “you can’t have a device that people don’t understand what’s happening on it.”

The changes Apple made to wireless functions in iOS 11 were intentional in order to capture data and ensure mobile connectivity to an ever-growing universe of Apple applications, Stofega said.

While having Wi-Fi and Bluetooth continuously on is a convenience at home or in the office because they can seamlessly connect to common apps, when at a coffee shop, retail store or on an airplane, the feature leaves a mobile user open to spyware.

It’s also a drain on the iPhone’s battery and creates a situation where the phone or tablet is constantly “switching back and forth” among cellular, Bluetooth and Wi-Fi connections, Stofega said.

“I think what Apple could have done is explained what the heck is going on,” he said.

A recent analysis of 50,000 mobile devices by online security gateway provider Wandera revealed the battery decay rate of iOS 11-enabled devices has been  significantly higher compared to iOS 10 devices out of the gate.

A newer analysis by Wandera – done after Apple pushed out improvements with 11.0.1 and iOS 11.0.2 – “suggests improvements in iOS 11 battery life are on the horizon.”

Regarding the problem of not fully explaining “what the heck is going on” in iOS 11 in terms of Wi-Fi and Bluetooth connections, Stofega said: “I’ve been on planes with iOS 11 and you can see everybody. There’s a lot of different tools…that at the very least can pick up sign-in or log-in information. Whenever you have something you’re not aware of on a device that is automatically connecting you to something, it’s not a good thing.

“The fact that you have to go online to look for articles about how to actually turn your device off when using iOS 11,” Stofega continued. “is an issue.”

Join the newsletter!

<!– The daily dose of tech, dev, networking stuff –>

Error: Please check your email address.

Tags Apple

More about AppleEFFElectronic Frontier FoundationGartner

How to Truly Switch off Wi-Fi and Bluetooth in iOS 11

Apple may have tried to make things a little easier with its iOS 11 Control Center, but not everything was designed keeping the end user in mind. The new iOS 11 introduces a new “off-ish” behavior for Bluetooth and WiFi connections. For those of our readers who may be wondering why WiFi and Bluetooth stays on when they have turned them off in the Control Center, the toggles from the Control Center “disconnect” them from existing connections, but don’t completely turn them off.

Both the WiFi and Bluetooth will continue to be available, so user can stay connected to Apple services, including AirDrop, Apple Watch, Apple Pencil, and other similar products and features. An obvious security disaster considering how attackers are trying to infect products using WiFi and Bluetooth, the move has drawn criticism from both the public and security experts.

How to make sure you are actually turning off iOS 11 Bluetooth & WiFi

While we are hoping Apple sends a “fix” to this issue, until that happens here is how to make sure you are actually turning Bluetooth and WiFi off.

1. Get Siri to do the work for you

Right now, this is the most straight forward and simple way to get both the WiFi and Bluetooth turned off without having to go through the pain of opening up Settings. Just fire up Siri and ask it to “switch off Bluetooth” or “turn off WiFi.”

Since Siri turns these toggles off directly from the Settings app and not the Control Center, the connectivity actually turns off and not just “off-ish.”

2. The obvious: go to Settings

If you are not a Siri lover, you can manually head over to Settings to turn Bluetooth and WiFi off.

  • Go to Settings Wi-Fi > toggle it off.
  • Go to Settings > Bluetooth > toggle it off.

3. Use AirPlane Mode

For those who have become so used to having these toggles right in the Control Center that they can’t just imagine going through Settings, we hear you. You can also choose to enable AirPlane Mode that does indeed disable WiFi and Bluetooth completely.

  • Swipe up the Control Center.
  • Tap on Airplane mode.
  • If you don’t want to be disconnected from all services, tap on Bluetooth or Wi-Fi that you want to switch back on.

It would be easier to just swipe the Control Center up and turn off these connections from there, however, until Apple “reintroduces” this behavior, we will have to rely on these workarounds to make sure these connections don’t take a toll on the battery life or open our devices to malware attacks.



Submit

How to stop your Mac from auto-connecting to a Wi-Fi network

How to stop your Mac from auto-connecting to a Wi-Fi network | Macworld<!– –><!–
–>


Wi-Fi icon

tejasp
(CC0)

“);});try{$(“div.lazyload_blox_ad”).lazyLoadAd({threshold:0,forceLoad:false,onLoad:false,onComplete:false,timeout:1500,debug:false,xray:false});}catch(exception){console.log(“error loading lazyload_ad “+exception);}});

Wi-Fi hotpots: As convenient as they are, they can be very annoying, as well. Especially when you’re using a Mac or iPhone that’s trying to connect to a hotspot when you don’t want it to.

Macworld reader Martin Joseph wants to ditch one company’s Wi-Fi hotspot in particular:

I wonder if you can figure out a way to set a Mac to never ever connect to Xfinity Wi-Fi? It would be great to eliminate this in my iPhone, too. I have found that deleting it from the list of known networks isn’t the best choice, and I usually resort to leaving it, but at lowest priority.

Apple’s Wi-Fi network control in macOS became kind of primitive many releases ago, and then Apple made it worse, removing a few features that haven’t returned. You can delete networks, as Martin notes:

  1. Open the Network system preference pane.
  2. Click your Wi-Fi entry in the adapter list at left.
  3. Click the Advanced button.
  4. In the Wi-Fi tab, select a network or networks you want to remove, and click the minus (-) sign.
  5. Click OK, and then click Apply.

You can also rearrange connection priority in step 4, so that you put preferred networks on top. This scrolling list can wind up with hundreds of entries, as they collect over time, and there’s no way to search through the list, see when the network was added, get geographic information about them, or any other data.

What Martin might be encountering is iCloud-based sync for Wi-Fi network entries. If you have iCloud Keychain enabled, every Mac and iOS device logged into the same iCloud account syncs all Wi-Fi network passwords. You may have noticed this if you log in to a hotspot at a cafe that has a password on your Mac, and then turn to an iPhone—it’s already synced the password over the cellular network, and has connected to the local network.

However, it’s possible that deleting network entries from macOS doesn’t remove the corresponding Keychain entries that are being synced, and thus when an iPhone connects to an Xfinity network, the connection details are synced back. (Xfinity uses a web-based login process, but I believe Apple passes that information to its hotspot login system, which intercepts portal screens and fills them with stored information.)

mac 911 keychain wi fi loginIDG

Keychain Access lets you peer into stored passwords for logins, including for Wi-Fi portals.

A way to test this and potentially solve this persistent problem is to use Keychain Access in macOS, as you can’t manage Keychain entries directly in iOS. (You can “forget” a network via Settings > Wi-Fi > tap a network in the vicinity and then tap Forget This Network and confirm. But it may not delete the Keychain entry, either.)

Follow these steps:





EFF criticizes iOS 11’s ‘misleading’ Bluetooth and Wi-Fi toggles for being a privacy and security risk

ios-11-control-center

The strange, unintuitive way Bluetooth and Wi-Fi toggles work in iOS 11 has drawn ire from many quarters. The latest voice is that of digital right group the Electronic Frontier Foundation (EFF) which says that the “off-ish” setting now offered is misleading.

As we have covered in a previous story, Apple has changed the behaviour of the two toggles so that when they are flicked to the off position, the Bluetooth and wireless radios are not actually switched off. EFF says that this is “bad for user security” and calls for greater clarity from Apple.

See also:

As EFF points out, recent Bluetooth vulnerabilities mean that it is good practice to disable both Wi-Fi and Bluetooth are disabled when not in use. The group goes on to reiterate the problem introduced in iOS11 so that flicking the toggles to the off position actually just disconnects from networks and devices.

What actually happens in iOS 11 when you toggle your quick settings to “off” is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple’s UI fails to even attempt to communicate these exceptions to its users.

It gets even worse. When you toggle these settings in the Control Center to what is best described as “off-ish,” they don’t stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well.

EFF says that the unintuitive way the toggles works represents a security and privacy problem. It says that Apple is placing users at risk by trying to keep them connected to Apple devices and services. It is a loophole, EFF suggests, that Apple could very easily fix.

At a bare minimum, Apple should make the Control Center toggles last until the user flips them back on, rather than overriding the user’s choice early the next morning. It’s simply a question of communicating better to users, and giving them control and clarity when they want their settings off — not “off-ish.”

iOS 11: 3 ways to really switch off Wi-Fi and Bluetooth

Many iPhone and iPad users are annoyed at Apple’s decision to change the way Control Center’s Wi-Fi and Bluetooth controls work, as they no longer work. Fortunately, you can still switch connectivity off quite easily.

What is the problem?

Apple in iOS 11 decided that when you tap the Wi-Fi or Bluetooth buttons in Control Center, the system now will disconnect you from any devices or networks you are currently on but no longer truly switches Wi-Fi or Bluetooth off.

This means that even though you thought you switched them off, they remain active for things like  AirDrop, AirPlay, Continuity, Hotspot, Location services and devices such as the Apple Watch and Pencil.

An Apple tech support note says this is so you can continue to use those “important features”.

The problem is, as the EFF puts it: “Apple’s UI fails to even attempt to communicate these exceptions to its users.”

To be fair, there is a slight hint in the UI: When you tap Wi-Fi or Bluetooth buttons in Control Center those button icons will be greyed out.

However, if you use one of these methods to truly switch them off, you will see the Control Center button icons greyed out with a diagonal line through them.

I believe users are smart enough to decide when they want those “important features” to be available to them, and when they don’t. Despite Apple’s weird decision, there are three ways you can properly disable Wi-Fi and/or Bluetooth in iOS 11.

Simplest: Ask Siri

The easiest way to enable and disable these connections is to ask Siri: “Hey Siri, switch off Wi-Fi,” should do the trick.

You can also ask Siri to switch these Settings on again. When Siri switches these Settings off it does so within the Settings controls of your device, so the connections are genuinely off.

Simple: Use AirPlane Mode

AirPlane mode will truly disable Wi-Fi, Bluetooth and your mobile network connection with a single tap.

Swipe up to get to Control Center and tap AirPlane Mode to switch them off.

If you want (for example) to keep your mobile network and Wi-Fi active, but want Bluetooth to be truly left off, you’ll tap AirPlane Mode and then tap the network and Wi-Fi icons in Control Center to enable those Settings again. 

Less simple: do it in Settings

Another way to disable these Settings is to open Settings>Wi-Fi, or Settings>Bluetooth and toggle them from green to off. I find this a little tedious, and much prefer using Control Center, even in the slightly convoluted manner described above.

Users should have control

I think users should be in complete control of their connectivity settings.

I understand that this may impact how they use other Apple services and devices, but I do like to believe that people are smart enough to make such decisions for themselves.

It is good that you can still disable these settings as and when you choose, but it is annoying that Apple chose to chip away at our control of such matters – particularly in light of the shocking revelations that Uber has been enjoying privileged (and sinister-seeming) access to our iPhones. People have a right to know who has access to their stuff, and they should be empowered with tools to prevent such access whenever they like, not as an exception, but as a rule.

Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic’s Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?

Got a story? Drop me a line via Twitter or in comments below and let me know. I’d like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.