EFF Calls Apple’s ‘Off-Ish’ Bluetooth and Wi-Fi Control Center Toggles Bad User Security

The Electronic Frontier Foundation today criticized the changed behavior of Apple’s Wi-Fi and Bluetooth toggles in Control Center, saying iOS 11 has made it harder for users to control these settings and calling them “misleading” and “bad for user security.”

From the EFF’s blog post:
When a phone is designed to behave in a way other than what the user interface suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device’s behavior, which can result in a loss of trust in operating system designers to faithfully communicate what’s going on.
Since users rely on the operating system as the bedrock for most security and privacy decisions, no matter what app or connected device they may be using, this trust is fundamental.
The FCC begs to differ, saying it’s really important that the toggles do what they’re supposed to do, especially considering Bluetooth’s known vulnerabilities. The post links to a white paper detailing several Bluetooth zero-day vulnerabilities and security flaws.

The EFF wants Apple to communicate these specific features to the user better, in an effort to make sure that they know when Bluetooth and Wi-Fi are off.
“In an attempt to keep you connected to Apple devices and services, iOS 11 compromises users’ security. Such a loophole in connectivity can potentially leave users open to new attacks. Closing this loophole would not be a hard fix for Apple to make. At a bare minimum, Apple should make the Control Center toggles last until the user flips them back on, rather than overriding the user’s choice early the next morning. It’s simply a question of communicating better to users, and giving them control and clarity when they want their settings off—not ‘off-ish.’”
What I’m having issues with is the way iOS 11 overrides the user’s choice at 5am local time each day, when the device restarts or the user drives or walks to a new location. It’s unclear why that is, but it doesn’t help that this behavior is not clearly explained to users.

 

