Gaping Bluetooth Security Hole

Apple's iOS 11 default Bluetooth and Wi-Fi On is a blistering security defect. Let's see how long it takes them to restore command and control of these primary telecommunications radios to the user. As a CISO it's not just the defect, it also includes Apple not informing us of a significant change to the device security model.

Posted on Oct 26, 2017 9:25 AM

Question marked as Best reply

Posted on Oct 26, 2017 10:33 AM

This was a change made by Apple intentionally and has been talked about in many other threads. Apple wants Wi-Fi and Bluetooth to be available as much as possible to the iPhone and it's unlikely they will change it. Here is how they inform people on how it is to be used:


Use Bluetooth and Wi-Fi in Control Center with iOS 11 - Apple Support


You can turn either of them off in Settings or by using Siri.


Oct 27, 2017 4:13 PM in response to jtjacoby

Bluetooth itself is a massive, overlooked security vulnerability.


If you've bought into the false notion that any sort of ironclad security is somehow built into Apple products, you are sorely mistaken.


Apple kinda "informs" people about changes. You did not read the Product Security notes on the update, did you?

About the security content of iOS 11 - Apple Support

Obviously, any gaps in security are the user's fault...

Another Bluetooth item is top of the list and a previous massive issue with Bluetooth is tucked under Wi-Fi since it's all the same Broadcom chip.

iOS 11

Released September 19, 2017

Bluetooth

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to access restricted files

Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.

CVE-2017-7131: Dominik Conrads of Federal Office for Information Security, an anonymous researcher, Anand Kathapurkar of India, Elvis (@elvisimprsntr)

Entry updated October 9, 2017

Wi-Fi

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-11120: Gal Beniamini of Google Project Zero

CVE-2017-11121: Gal Beniamini of Google Project Zero


Did you know there are many thousands of registered vulnerabilities for Apple products that have been issued a CVE-ID and therefore are part of the standardized repository that catalogs all such exploits which is used by pretty much everyone from governments to private companies like Apple? https://cve.mitre.org

Oct 27, 2017 4:36 PM in response to Lawrence Finch

Lawrence Finch wrote:


Philly_Phan wrote:

Yes. It was well-hidden in the iPhone User Guide.

What better place to hide something, in a document that no one reads? Puts me in mind of Poe's "The Purloined Letter."

I have to admit that I don't read user manuals UNLESS something unexpected happens and then I'll search the manual to determine what's going on.

Oct 26, 2017 11:48 AM in response to anypats

It's understandable that Apple wants to promote its ecosystem but I don't use Airdrop, Airplay, Airpencil, AppleWatch, etc. Failing to overtly inform users that they have removed an essential security control, or veiled it in some way, is deceptive. Wi-Fi and Bluetooth turn on by themselves at 5am, when you move, etc. N

Oct 26, 2017 11:54 AM in response to jtjacoby

jtjacoby wrote:


Apple's iOS 11 default Bluetooth and Wi-Fi On is a blistering security defect. Let's see how long it takes them to restore command and control of these primary telecommunications radios to the user. As a CISO it's not just the defect, it also includes Apple not informing us of a significant change to the device security model.

No, it is not a security defect, blistering or otherwise. Believe it or not, Apple has some of the best security analysts in the tech world. They would never release a product with security defects. And they know a lot more about security than you do.


What is the security defect that you think exists from leaving Wi-Fi and Bluetooth on all the time?

Oct 27, 2017 4:46 PM in response to chase_daniel

And you realize that almost all of those vulnerabilities have been patched by Apple fairly soon after being noted in the first place?


There is no “gaping” or “massive” security hole in BT 4+ standards - that is a gross overstatement of security issues with BT. Yes, there are vulnerabilities identified at times, just as there are for any communications or connectivity protocol (the current KRACK Wi-Fi vulnerability, for example, which affects any client device using WPA2). But OS makers typically issue patches for them in short order.
