Tech experts have warned that a WiFi setting turned on by default on iPhones could leave users vulnerable to hackers.
Called Auto-Join, the setting automatically connects devices to public hotspots at places like coffee shops, bars and restaurants.
While the service seems convenient, it could let hackers access personal information on devices, including bank accounts, passwords and photos.
That is because a cybercriminal could be hosting a WiFi hotspot in a location, allowing people to connect so they can steal data.
There are simple steps to turn Auto-Join off. Users open Settings on their iPhone, then select WiFi and scroll down to Auto-Join Hotspot.
Users will then see three options, Never, Ask to Join or Automatic, allowing them to select their preference. Tech experts recommend choosing Never or Ask to Join.
They also urge iPhone owners to disable Auto-Join Networks for an extra layer of security.
This setting automatically connects devices to known networks.
A little-known WiFi setting that is on by default may be leaving iPhone users vulnerable to hackers
To ensure your iPhone does not connect to any outside networks, simply turn WiFi off when leaving the house.
Users can also remove a network they do not plan on using again by tapping network and selecting Forget This Network.
There is also an option to allow the device to Auto-Join the specific network that is toggled on once connected.
The National Security Agency (NSA) recently advised iPhone users to refrain from connecting to public WiFi networks.
It warned that users who connect to outside networks should turn off Bluetooth when not in use.
Hackers are constantly looking for vulnerabilities and leaving the WiFi on makes the device susceptible to ‘KRACK’ attacks, also called a Key Reinstallation Attack.
This is a cyberattack that works by manipulating the WiFi’s protected access through encryption keys to establish a secure connection that lets them steal data over the network when they’re in close range of their target.
Likewise, leaving your Bluetooth on can result in a ‘BlueBorne’ attack – when a hacker takes control of your device without any user interaction.
Users open Settings on their iPhone, then select WiFi and scroll down to Auto-Join Hotspot. Users will then see three options, Never, Ask to Join or Automatic, allowing them to select their preference. Tech experts recommend choosing Never or Ask to Join
BlueBorne let hackers carry out cyber espionage, data theft or even a ransomware attack.
Public WiFi networks don’t have the same security in place that your home has, leaving your smartphone open to serious risks of hackers stealing your identity and financial accounts.
Cybercriminals can set up WiFi networks that appear similar to the one you want to use such as ‘Cafe01’ instead of ‘Cafe1’ in the hope that you’ll mistakenly connect to it.
Once you’re connected to the network, hackers can use online victim profiling to steal your identity and pull data from anything you might type online.
They can also install malware onto your device that will allow them to have continued access to your phone’s data, even after you disconnect from the WiFi network.
According to a 2023 Forbes study, 40 percent of people surveyed said their personal information was compromised while they used public WiFi – primarily at airports, hotels or restaurants.
The NSA also urged iPhone users to reboot their devices every week to prevent zero-click exploits and spear-phishing.
If users don’t reboot the system, a hacker can manipulate open URLs to run a code that installs malware onto the device.
Turning the phone off resets all open web pages and apps and logs out of bank accounts to prevent cybercriminals from accessing sensitive information.
This has the same result on a spear-phishing attack because it removes a hackers ability to send targeted fraudulent emails because they won’t be able to access your personal information.
A 2015 Pew Research study found that nearly half of all smartphone owners rarely or never turned their cell phone off, while 82 percent said they never or rarely rebooted their phone.
Although restarting your phone only sometimes prevents attackers from accessing your data, it makes hackers work harder to breach your phone’s defenses.
‘This is all about imposing cost on these malicious actors,’ Neal Ziring, technical director of the National Security Agency’s cybersecurity directorate, told The Denver Post in 2021.
