Apple has made changes in iOS 11 that push its devices towards Wi-Fi and Bluetooth being enabled by default, which may make users more vulnerable to attacks.
Apple explains in a support document that for the “best experience” on your iPhone, you should always try to keep Wi-Fi and Bluetooth on. So, in iOS 11, it’s made it more difficult for users to fully disable them.
Previously, toggling both connectivity options off in Control Center did what was expected. In iOS 11, it only partially disables Bluetooth, disconnecting a device from accessories it’s connected to, but leaving it available for features like Handoff, Instant Hotspot, AirDrop, AirPlay, Apple Pencil, and Location Services.
Toggling off Wi-Fi in Control Center now disconnects the device from the network it’s connected to, but leaves auto-connect on.
This preference for ensuring Bluetooth is always on could open iOS devices to attacks using weaknesses like the recent BlueBorne flaw, which affected Windows, Android, Linux, and iOS.
Although iOS 10 was not vulnerable, the only way to ensure an attacker couldn’t exploit the bug on unpatched systems was by disabling Bluetooth. The same goes for Wi-Fi in the case of the recent Broadpwn set of bugs, which affected the iPhone and most Android devices and made it unsafe to leave the Wi-Fi auto-connect feature enabled.
To completely disable Bluetooth and Wi-Fi in iOS 11, users will need to tap through to the Settings page and disable them from there. You can still turn on Wi-Fi and Bluetooth in Control Center, but you just can’t turn them fully off from there.
Also in iOS 11, Wi-Fi and Bluetooth is enabled every time the device is restarted. Both are also automatically enabled at 5am local time.
F-Secure’s head of hardware security, Andrea Barisani, who was one of the first to notice the iOS feature, reckons the Control Center toggle is “unintuitive” and problematic since the features are re-enabled in “non obvious” conditions, such as at 5am.
He suggests Apple instead enables a long press on the icons in Control Center to actually turn them off.
Previous and related coverage
Before you do anything on your iPhone or iPad, you should lock it down. This is how you do it.
The upcoming iOS 11 update means you’ll never have to remember your app password again.