The National Security Agency (NSA) has issued a cautionary note for iPhone users about a specific setting that could make them vulnerable to cyber threats.
In today’s world, staying connected is a priority. Whether it’s checking messages, scrolling through social media, or satisfying curiosity with a quick Google search, a Wi-Fi connection is often essential.
While mobile data can falter, Wi-Fi provides a reliable alternative, yet it is important to be aware of the dangers associated with connecting to certain networks.
It’s commonly known that public networks lack the security of private ones, but iPhones have a feature that might automatically connect you to these less secure networks.
Called ‘auto-join’, this feature first looks for preferred networks, then private ones, and finally public networks, as explained by Apple.
Apple describes public networks as those accessible in places like hotels, airports, or coffee shops.
While useful for quick internet access, automatic connections to these networks can expose users to potential hacking.
The NSA warns that hackers may create networks that appear legitimate, such as those in restaurants or hotels, and then use these networks to redirect users to harmful websites, insert malicious proxies, or intercept data.
These networks, termed ‘evil twins’ by the NSA, imitate expected public Wi-Fi services, potentially granting hackers access to transmitted data.
“The risk is not merely theoretical,” the NSA says. “Malicious techniques are publicly known and in use.”
Hackers who infiltrate a phone can steal personal information and data.
To mitigate this risk, iPhone users should disable the auto-connect feature by navigating to Settings > Wi-Fi.
Users can adjust the ‘Ask to Join Networks’ setting to ‘Off’ or ‘Ask’. For ‘Auto-Join Hotspot’, it’s advisable to select ‘Never’.
“If users choose to connect to public Wi-Fi, they must take precautions,” the NSA says. “Data sent over public Wi-Fi – especially open public Wi-Fi that does not require a password to access – is vulnerable to theft or manipulation. Even if a public Wi-Fi network requires a password, it might not encrypt traffic going over it.”
For added security, users should check for padlocks in browser URLs to ensure encrypted browsing and avoid entering credentials into unexpected popups or familiar-looking sites.