Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
IOS Apple IT Technology

iOS 11's Misleading 'Off-ish' Setting For Bluetooth and Wi-Fi is Bad for User Security (eff.org) 162

Last month, we covered a story about how turning off Wi-Fi and Bluetooth in iOS 11's Control Center doesn't really turn off Wi-Fi and Bluetooth. EFF has called the situation bad for user security. From the report: Instead, what actually happens in iOS 11 when you toggle your quick settings to "off" is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple's UI fails to even attempt to communicate these exceptions to its users. It gets even worse. When you toggle these settings in the Control Center to what is best described as "off-ish," they don't stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well. The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections. When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device's behavior, which can result in a loss of trust in operating system designers to faithfully communicate what's going on.
This discussion has been archived. No new comments can be posted.

iOS 11's Misleading 'Off-ish' Setting For Bluetooth and Wi-Fi is Bad for User Security

Comments Filter:
  • by lucasnate1 ( 4682951 ) on Friday October 06, 2017 @11:15AM (#55322133) Homepage

    Since the battery can't be removed, I'm beginning to wonder if there is any way to turn off wifi AT ALL.

    • by mark-t ( 151149 )

      Presumedly, putting the device into "airplane mode" will probably disable those services, although it will also disable pretty much everything else you might need for communication.

      If putting the device into airplane mode does not disable those services, then unless Apple fixes the issue real soon, I expect that the TSA is going to be banning iphones on all passenger flights any time now.

      • Airplane mode in iOS 11 does disable the radios and the control panel UI changes to reflect that the WiFi and Bluetooth radios are completely off (the icons are slashed out).

        • Airplane mode in iOS 11 does disable the radios and the control panel UI changes to reflect that

          It does, yes. But airplane mode also disables phone calls. They are so close to getting it right. Just make the switches toggle through the three states.

    • by Guspaz ( 556486 )

      Since the "off-ish" thing only affects the quick settings in the control center, you can still turn bluetooth and wifi all the way off the same way you always could before: turn it off in the settings app.

      • That's smart. Almost as smart as having a master control in your house - a circuit breaker, say, or a stopcock - that governs almost all the electric sockets and taps.

        But that's OK. There's another one that actually does turn everything off. It's in a basement with a sign saying "beware of the leopard" on it.

        • by Guspaz ( 556486 )

          I mean, it seems to be working pretty fine for me. 90% of the time, when I click the control center bluetooth or wifi options, it's because I want to disconnect from whatever it's connected to at the moment, not turn the whole thing off. And it works fine for that, and leaves my watch still connected. If I need to actually kill wifi or bluetooth entirely, then I'd either just use the airplane button, or go into the settings, but I almost never fully disable those outside of airplane mode.

    • I'm beginning to wonder if there is any way to turn off wifi AT ALL.

      In the settings app, sure. But I'm not happy with the way it works now. I do like the ability to disconnect without disabling wifi, but just make it (the widget) a three-state switch - on, disconnect, and off. When it actually is off the widget is drawn with a diagonal slash, so basic support is already there, they just have to decide to implement it.

    • by TheFakeTimCook ( 4641057 ) on Friday October 06, 2017 @01:29PM (#55323139)

      Since the battery can't be removed, I'm beginning to wonder if there is any way to turn off wifi AT ALL.

      Yes. Going to "Settings", WiFi , and flipping the "switch" will Turn it off (same with BT); and putting the phone in "Airplane Mode" does, too.

      The only place that it does a "Warm shut-off" is in the Control Panel. And Apple has an (IMHO quite reasonable) explanation as to why that is the case:

      http://www.idownloadblog.com/2... [idownloadblog.com]

      • And Apple has an (IMHO quite reasonable) explanation as to why that is the case:

        http://www.idownloadblog.com/2... [idownloadblog.com]

        That link does NOT provide any explanation about why I'd still want to use those specific features after disabling Wi-Fi, nor does it explain what constitutes a "new location" or what's so special about 5 am.

        • And Apple has an (IMHO quite reasonable) explanation as to why that is the case:

          http://www.idownloadblog.com/2... [idownloadblog.com]

          That link does NOT provide any explanation about why I'd still want to use those specific features after disabling Wi-Fi, nor does it explain what constitutes a "new location" or what's so special about 5 am.

          If you thought the explanation were confusing or incomplete, Then you are simply too stupid to drive a Smartphone.

          Better go back to Android, where the reasoning and ramifications of every control setting are clearly and thoroughly explained...[/sarcasm]

  • Apple's paternalistic approach to their users results in a 'we know better than you how to protect you' attitude.

    It's unfortunate for Apple, because it means that only the duller customers will continue to trust Apple's judgement.

    • by Anonymous Coward on Friday October 06, 2017 @11:46AM (#55322325)

      It's unfortunate for Apple, because it means that only the duller customers will continue to trust Apple's judgment.

      And thus the perception of anyone using Apple products is "Oh, an Apple user. Here, take my handicapped parking spot, you poor thing."

      • It's unfortunate for Apple, because it means that only the duller customers will continue to trust Apple's judgment.

        And thus the perception of anyone using Apple products is "Oh, an Apple user. Here, take my handicapped parking spot, you poor thing."

        Would you like a list of all the 2, 3 and 4-digit Slashdot UID owners are also rocking Apple computers and other devices?

        • It's unfortunate for Apple, because it means that only the duller customers will continue to trust Apple's judgment.

          And thus the perception of anyone using Apple products is "Oh, an Apple user. Here, take my handicapped parking spot, you poor thing."

          Would you like a list of all the 2, 3 and 4-digit Slashdot UID owners are also rocking Apple computers and other devices?

          Both of them?

        • Would you like a list of all the 2, 3 and 4-digit Slashdot UID owners are also rocking Apple computers and other devices?

          Just make sure that I am not on it. Cheers.

    • Re: (Score:2, Offtopic)

      Apple's paternalistic approach to their users results in a 'we know better than you how to protect you' attitude.

      It's unfortunate for Apple, because it means that only the duller customers will continue to trust Apple's judgement.

      It has nothing to do with being "paternalistic". They just didn't want a gazillion support calls when people turned off those services and then tried to use any of the following:

      AirDrop
      AirPlay
      Apple Pencil
      Apple Watch
      Continuity features, like Handoff and Instant Hotspot
      Instant Hotspot
      Location Services

      So, they made the Control Panel a "Soft Turn-Off", which disconnects from WiFi networks and temporarily stops trying to re-join them, and does a similar thing with BT (don't know much about those specifics). But

  • Unless you can remove the battery.

    The mic is always hot, and probably the camera too.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Mic is always hot on an iPhone ever since they added "hey Siri" support and all audio recorded is almost certainly sent to Apple to help them train their voice AI. We know that with the iPhone X, the camera will also always be active and scanning for faces.

      Ever wondered why the battery life in new iPhones is so abysmal? Because it's always spying.

      • "Hey Siri" is processed locally on the phone, nothing is sent off they device unless you activate Siri, and the data that is sent is anonymized.

        https://techcrunch.com/2015/09... [techcrunch.com]

        • There is no way of verifying this information. We simply have to trust apple that its true. Did we forget 'Trust, but Verify'?
          • There is no way of verifying this information. We simply have to trust apple that its true. Did we forget 'Trust, but Verify'?

            Really? NO way to use a Packet Sniffer to see a burst of data when you say "Hey, Siri"?

            But you won't; because it DOESN'T.

            • I guess slashdot has forgotten 'trust, but verify'. Dont fucking tell me to trust something if i cant see the source code. Its a principle of computing and im tired of morons like you saying 'just go with it'
              • by zieroh ( 307208 )

                Dont fucking tell me to trust something if i cant see the source code. Its a principle of computing

                It's not a "principle of computing", if that's even a thing. It's a naive and idealistic viewpoint largely promulgated by weirdos who eat toejam [youtube.com]. It is neither universally shared among all practitioners of software engineering, nor even all members of slashdot. Sure, there are lots of those types on slashdot, but don't think for a minute that you speak for everyone.

                • You are pedantically correct in that its not a 'principle of computing', its an issue of trust. You cant just hand-wave away the issue that none of us can say what an iphone actually does. All we can do is take Apple's word, and that is simply unacceptable and will be used to abuse the people over and over for the next few decades.
                  • by zieroh ( 307208 )

                    You are pedantically correct in that its not a 'principle of computing', its an issue of trust. You cant just hand-wave away the issue that none of us can say what an iphone actually does. All we can do is take Apple's word, and that is simply unacceptable and will be used to abuse the people over and over for the next few decades.

                    You don't get to inspect all the software you will encounter. You never have, and you never will. It's a stupid dream invented by wildly naive and impractical people who don't seem to understand the size of the wave that's carrying software forward.

                    Even if you could inspect all that software for yourself, there's so much of it that you could spend your entire life looking at shitty code and never actually doing anything. Better start getting used to that fact, instead of tilting at windmills and bitching ab

      • We know that with the iPhone X, the camera will also always be active and scanning for faces.

        Not the camera. The 3D modeling IR sensor does the face recognition. It doesn't (can't) construct a useful picture and the camera is not on.

      • by TheFakeTimCook ( 4641057 ) on Friday October 06, 2017 @01:48PM (#55323335)

        Mic is always hot on an iPhone ever since they added "hey Siri" support and all audio recorded is almost certainly sent to Apple to help them train their voice AI. We know that with the iPhone X, the camera will also always be active and scanning for faces.

        Ever wondered why the battery life in new iPhones is so abysmal? Because it's always spying.

        You're dead wrong on the "Hey, Siri" thing. That is decoded ON-CHIP. That's why it required a new model iPhone (with a new SoC) when it was first announced.

      • by TheFakeTimCook ( 4641057 ) on Friday October 06, 2017 @01:52PM (#55323377)

        Mic is always hot on an iPhone ever since they added "hey Siri" support and all audio recorded is almost certainly sent to Apple to help them train their voice AI. We know that with the iPhone X, the camera will also always be active and scanning for faces.

        Ever wondered why the battery life in new iPhones is so abysmal? Because it's always spying.

        Same thing for the FaceID. ALL done ON CHIP, in the Secure Enclave IC. NOTHING sent to Apple.

        NOTHING. Not even during "Enrollment". And no FaceID Data available outside of the Secure Enclave chip. They provide a low-res "face tracker" mesh to the outside for Apps to use; but nothing that approaches the resolution of the FaceID data.

  • by Anonymous Coward

    If the off switch on a radio doesnâ(TM)t actually turn it off that sounds like something that should be filed as a complaint with the fcc. Ralf regulation is a serious matter.

    • by dgatwood ( 11270 )

      Agreed. Also, I've frequently had problems on recent Apple hardware such that power cycling the Wi-Fi radio was the only way to get it working again (2013 Retina MBP, I'm looking at you). If this brain damage bleeds over to OS X, that's going to mean completely powering off my laptop once every few days.

    • If the off switch on a radio doesnâ(TM)t actually turn it off that sounds like something that should be filed as a complaint with the fcc. Ralf regulation is a serious matter.

      There IS an "Off". That is more akin to a "Standby".

      Nothing to see here; move along.

  • by tk77 ( 1774336 ) on Friday October 06, 2017 @11:39AM (#55322303)

    Saying the UI doesn't communicate the differences is not entirely true. There is a visual difference in the control center between the radio being "on",m "disconnected" and "off".

    In the normal "compact" control center mode if the device is "disconnected", the icon is displayed with a gray background (blue background is "on"). If the device is "off" the icon has a cross through it. In the expanded view (tap and hold on a button will bring up the expanded view), it will actually say "on", "disconnected" and "off" based on the mode.

    I'm not saying this makes everything better, as the user would still have to know what the visual cue's mean. But to say that the UI fails to communicate this is not true.

    • by JohnFen ( 1641097 ) on Friday October 06, 2017 @11:46AM (#55322331)

      I'm not saying this makes everything better, as the user would still have to know what the visual cue's mean. But to say that the UI fails to communicate this is not true.

      "Communication" is different from "signalling". "Communication" requires understanding on the part of the recipient, or it's not communication.

      If it isn't clear to the user what the color-coding means, then the UI is failing to communicate to the user.

      • by Anonymous Coward

        But the quote says fails to "even attempt..." which is incorrect. Clearly the UI is attempting to, although possibly unsuccessfully to most people. But now that it has been explained, it actually seems pretty reasonable. Normally I would not want to stop communicating with my Apple Watch, and when I turn it off it is because I want to disconnect from the local hotspots for a time. Seems like a nice feature in addition to the standard "completely off" that is still available.

        • Yeah, that's a good point.

          The failure here is that the UI is not being clear. I think people are overreacting to this a bit, but it is understandable given that it's an Apple UI, and Apple's reputation with user interfaces is that they are designed to be very clear.

    • There's a fundamental problem there.

      The behaviour changed from and on / off with the button itself unable to do a three way toggle. The result is a user who probably is unable to understand the distinction between disconnected and off, also has the expectation that the button worked like it always did in the absence of an immediate 3rd option.

      Hence what was "communicated" by the interface choice is that "disconnected" is now the replacement for "off". Really shitty from a company that prides itself on easy

      • ISTR on an old Android phone that it had three states on an icon when you wanted to turn something off: the on state, a greyed out "lost connectivity" state and disabled line-through-it state when it was off. I don't think it was lying but I never cared enough to check and assumed off meant off.

        Which is also why I bought a Rio Karma instead of an iPod (besides being able to play FLACs). Off was off, not some nebulous "low power just in case you want to turn it on again" state that just drained your battery

        • It did,...
          From the very beginning,...
          And pressing the button cycled through all three states.

          There was never any confusion about the fact that there were 3 states which did three things and at no point did they change one behaviour for another in some way that wasn't obvious to the user.

          The problem here is not that WiFi or Bluetooth aren't disabled, it's the way that Apple chose to do it and present it to the user made it not immediately obvious that this is the case nor made it obvious how the user can act

    • by Vroem ( 731860 )
      Yes, the upside to all this is that we now can disconnect from the current network, until now this had to be done by disabling wifi entirely. Now it will auto reconnect when you go somewhere else.

      For me this actually reflects the way I always used that button: to disconnect from a wifi network and get a faster connection through cellular, only to forget to switch it back on when better wifi is available.

      In the future we there might be no need to disconnect from bad wifi any more thanks to multipath TC
      • by berj ( 754323 )

        I agree. This is just about the only reason I turn off my wifi or bluetooth individually -- to disconnect from something. But then if I want to use AirDrop or my Pencil or some such I need to turn it back on.

        The GUI is pretty clear that it's just "diconnecting" and not turning the radio off. It even says "disconnecting from..." when you tap the button. In the expanded view (long press/3D touch) it even says "disconnected" rather than "off". If you turn on airplane mode you can see what it looks like (a

        • Re: (Score:2, Insightful)

          by spire3661 ( 1038968 )
          Jesus Christ, you have to have Bluetooth on to initiate a fucking ad-hoc wifi file transfer? So both phones have to be iphones of a certain date, both have to be logged in to Apple, and then you can only transfer files through one app, and you dont ever actually get a true network. Tell me again how any professional actually uses this shit? Two VERY advanced computers cant even direct connect and share files without two separate radios and be connected to the mothership......WTF happened here?
          • by berj ( 754323 )

            What's the problem with negotiating/initiating over bluetooth and then sending the data high-speed over WiFi?

            Both devices have to be newer than 2012-2013-ish vintage.. is that really a huge deal? Of the tens of people I've needed to do file transfers with while working not a single one of them had a device that wouldn't work.

            No neither device needs to be connected to Apple. The connection is entirely peer to peer. I've done it between two laptops, nether of which had an external internet connection.

            But m

            • Because this is a very simple thing that should require one radio and no other connection. Every iOS phone is physically capable of ad-hoc, they purposefully obfuscate it. It never occurred to me that Apple would be so petty and short sighted to make simple file sharing so purposefully shitty. It never once occurred to me they would consider such a simple tech to be something that can only be used a very certain way. I understood why early mobiles couldnt do simple file handling, but there is absolutely no
              • by berj ( 754323 )

                Purposefully shitty? Haha.. that's rich.

                Jesus.. it can't be simpler. Turn on Airdrop.. select a file or files.. share.. select recipient.. recipient accepts.

                You want it to magically teleport when you just think of the file? What less shitty alternative are you proposing? Be specific.

                • I want to be able to share files with the rest of the computers in the world over open protocols...not just apple ones over proprietary ones....Why do you defend this stuff? Every phone should be able to share files with another easily, if the users wishes it, not just special ones.
                  • by berj ( 754323 )

                    Ahhh.. now we get to the heart of the matter.

                    I defend things that work for me and the people I work for and with. If someone has an incompatible machine (it's rare that I run into someone with an android phone or a windows machine in my work.. but it happens) they can upload to dropbox, ftp, email or message me the files.. or even.. gasp.. give it to me on a USB stick. It's substandard.. but the number of people I deal with that have macs and/or iPhones/iPads is sufficiently close to 100% enough that I coul

      • For me this actually reflects the way I always used that button: to disconnect from a wifi network and get a faster connection through cellular, only to forget to switch it back on when better wifi is available.

        I will second that. Occasionally, I have had reason to turn off WiFi to check out connectivity from the "outside point-of-view". And I inevitably forget to turn it back on until hours later.

  • by Hognoxious ( 631665 ) on Friday October 06, 2017 @11:54AM (#55322369) Homepage Journal

    Misleading settings are bad - period. A thing should say what it does and do what it says.

    • This would destroy pollitics as we know it!

  • I've disabled the automatic update for the OS.

  • by seth_hartbecke ( 27500 ) on Friday October 06, 2017 @11:58AM (#55322401) Homepage

    The anti-apple hate here is just ... something else. Two stories on this, really?

    So, on iOS there is this control panel you can access when you swipe up from the bottom of the screen. In there is a WiFi logo, that is normally blue if you are connected to WiFi. If I tap it, it disconnects from the currently connected WiFi network. It's really nice for when I decide "hey, I don't want to access this NSFW thing while on the work WiFi" or "the hotspot in my Car (which has a different carrier then my cell phone)" is in a cellular dead spot and I need to disconnect from it. But when I come in range of another known network, the phone will associate with it again (like, when I get home and I'd like my phone using my home WiFi, I don't have to remember to turn it back on).

    When you do this you even get a blurb of text on the screen "Disconnecting from {wifi name}." NOT "I've powered the WiFi radios down."

    You still CAN actually power the WiFi radios down. You just have to go to Setting -> WiFi -> and flip the off switch. Now they are off, period.

    So yea, the button in the control panel really means: disconnect from this wifi network because I don't like it right now.

    Bluetooth does the same thing. Tapping that in the control center basically drops all connected devices. But two hours later when you turn your bluetooth headset on, it'll pair up just fine.

    Queue freakout.

    • Re: (Score:2, Insightful)

      by spire3661 ( 1038968 )
      Some of us dont like things turning themselves back on. If i set something off, i want it off until i personally decide i want it back on. You are making an argument for the lazy and absent minded. Its not hard to remember to turn BT back on...Dont excuse this outright disrespect of the user.
      • Some of us don't like things turning themselves back on. If i set something off, i want it off until i personally decide i want it back on.

        I feel that way about my dick.

      • by Aaden42 ( 198257 ) on Friday October 06, 2017 @12:39PM (#55322689) Homepage

        For those people, there's the switch in Settings that won't turn itself back on. It's in the same place it's always been and does the some thing it's always done. This new switch that looks different in a new place does something different.

        You've always pushed a bright red switch on the right side of the panel to do a thing. One day there's a brand new orange switch on the left side, but the same bright red switch is still in the same place. Perhaps there's a chance the orange switch might do something different than the red one?

        For every time I've come home after a day in flaky WiFi land and forgot to turn WiFi back on until I've sucked down a bunch of LTE data, this is an improvement.

        • by tlhIngan ( 30335 )

          For those people, there's the switch in Settings that won't turn itself back on. It's in the same place it's always been and does the some thing it's always done. This new switch that looks different in a new place does something different.

          You've always pushed a bright red switch on the right side of the panel to do a thing. One day there's a brand new orange switch on the left side, but the same bright red switch is still in the same place. Perhaps there's a chance the orange switch might do something diff

      • "Some of us dont like things turning themselves back on."

        The button does not advertise itself as an off button. It advertises itself as a disconnect button. The button is doing exactly what it says it does when you press it, it is disconnecting. It doesn't turn things off, because it's not an off button nor does it claim to be.

        Your argument is: this button, which is clearly does what it is clearly labeled to do doesn't do something it isn't labeled to do.

    • The anti-apple hate here is just ... something else.

      There may be some hate being spewed, but for the most part those of us who aren't Apple fans (or for that matter Microsoft fans) have neither the need nor the desire to hate.

      We simply go our own way and aren't bothered by products we don't use.

      • Did you hold a monocle over your eye while you typed that? And then walk out to lunch with your top hat on?

        • Fine, keep on hating if you wish, and see how much it accomplishes. Far easier to simply ignore MS and Apple and simply not be bothered.

    • you even get a blurb of text on the screen "Disconnecting from {wifi name}."

      Funny that really doesn't mean anything. If a user is expecting WiFi to turn off it stands to reason that they'd be warned they are getting disconnected. That's the problem here.

      The feature itself isn't a bad idea. Quite the opposite, I like the idea of being able to disconnect WiFi without turning WiFi off. However putting that feature over another existing feature with existing behaviour, and moving that other one into some sub-menu somewhere and then providing an utterly useless message is exactly what t

    • When you do this you even get a blurb of text on the screen "Disconnecting from {wifi name}." NOT "I've powered the WiFi radios down."

      In a consumer electronic device, you shouldn't have to read the gui blurbs with a "practically interpreting legalese" mindset.

      If I clicked the disconnect-wifi button (or what I reasonably think was the button), I'd interpret "Disconnecting from {wifi name}" as meaning "Disconnecting from {wifi name} because I'm shutting off the damn WiFi".

  • by will_die ( 586523 ) on Friday October 06, 2017 @12:11PM (#55322483) Homepage
    My samsung android has a similar feature I can turn off wifi but if I move to a new location it is turned back on. Like what happen just implemented you have to go into a deep menu and change that setting so off means off.
  • My phone constantly reports available networks even with wifi turned off. It's Galaxy S7.
  • Newer versions of Android do not turn off Wi-Fi when you switch it off, the switch is just used to disconnect you. There is a setting that will re-enable WiFi when you come within range of a trusted hotspot (eg your home network). I've found it useful as occasionally I'll turn off WiFi when the free offering at a place is not working properly, and then forget to turn it back on when I leave.

    If you REALLY want it all off, you can enable airplane mode and then piecemeal enable things you want (though cell ser

    • by SeaFox ( 739806 )

      Is that an Android Oreo thing? Because I'm on 7.1 and the wi-fi/bluetooth settings work "normally".

      Methinks there are some people here with a device-maker UI change and mistaking it for standard Andriod behavior.

  • The promise of the Apple eco-system was that everything worked together without fiddling, and there were no headaches. That promise is less and less true. More and more the damn things have gotten more buggy, and behaviors change (or get buried) for no obvious reason ("Courage" my ass).

    Most recently the Apple router has occasionally stopped talking to the Apple TV when my Apple iPad is talking to the interwebs. Turn off WiFi (while I still can, since I am still on iOS10) and the Apple TV springs back to

    • The promise of the Apple eco-system was that everything worked together without fiddling, and there were no headaches. That promise is less and less true. More and more the damn things have gotten more buggy, and behaviors change (or get buried) for no obvious reason ("Courage" my ass).

      Most recently the Apple router has occasionally stopped talking to the Apple TV when my Apple iPad is talking to the interwebs. Turn off WiFi (while I still can, since I am still on iOS10) and the Apple TV springs back to life for an hour or so.

      You have something configured incorrectly. My iPad doesn't mess with anything on my Apple TV, or anything else for that matter. And yes, I am running an Apple router, too.

  • by GrumpySteen ( 1250194 ) on Friday October 06, 2017 @01:53PM (#55323395)

    You're going to get what you deserve

Technology is dominated by those who manage what they do not understand.

Working...