iOS 11 comes with a pretty sweet array of augmented reality tricks. Unfortunately, one thing that is less real than before in the new operating system is user controls for wireless connectivity.
According to a report in Motherboard, iOS 11's Control Centre app, which swipes up from the bottom of the screen, gives the appearance of allowing users to turn off Wi-Fi and Bluetooth on their phone, but instead only disconnects from wireless networks and accessories. The actual Wi-Fi and Bluetooth chips in the phone remain powered on. Going to the Settings app in iOS 11 does, however, still provide the correct options for users to turn those two parts of their phone off.
The design choice was previously noticed by security researcher Andrea Barisani, and can be seen in the YouTube video below.
This is bad UI design for a number of reasons, but mostly because it might mislead users into believing they had deactivated their Wi-Fi and Bluetooth while both services remain on—something which shouldn’t happen. Motherboard documentation shows that Apple decided Control Panel should not disable the devices entirely because it wants services including “AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and other features” to remain functional, but it could have found another way to do so without withholding information from the user.
Moreover, if users believe their device's wireless capabilities are off, that could create a false sense of security, because wireless connections are the only way to break into a mobile device without gaining physical access to it.
“It is stupid,” security researcher Collin Mulliner told Motherboard. “It is not clear for the user.”
While Bluetooth-based vulnerabilities have been identified before, including some which purportedly affected billions of devices, the good news is that they are difficult to replicate in the wild. Moreover, exploiting an open connection would require a malicious party to pounce in the time between when an iOS 11 bug was discovered and when it was patched, or otherwise install malware on the device, all while being within a relatively short transmission distance of the user’s phone.
There’s also the fact that many users simply walk around with both Bluetooth and Wi-Fi turned on anyhow, and virtually every user turns one or the other on for stretches of time. So the chances of the Control Centre’s misleading UI walking a user into a random trap are pretty low.
While this is not exactly an apocalyptic bug, you might want to remember to check your iOS 11 device’s Settings menu rather than the less time-intensive Control Centre app for better security. [Motherboard]