4

This article summarizes the functionality that has been recently added to Apple devices.

My colleagues have expressed concerns about this feature eroding network security at the office.

My questions:

  • Should we consider this a security risk? Only people who are on our contacts are supposed to trigger this, but this also makes the perhaps-unreasonable assumption that we completely trust all persons we place on our contact list.
  • How could we switch this capability off?
Steven Lu
  • Why do you consider this more risky than the usual way of simply telling others the password? And, is your office network really only protected with pre-shared key where everybody needs to know the same secret and any device knowing the passphrase can access the network? If this is the case then the new feature might increase an already larger risk a bit. – Steffen Ullrich Dec 20 '17 at 06:14
  • @SteffenUllrich You bring some quite good points, which support my personal view, which is that the security practice already in place (PSK) is the far bigger problem compared to this feature, which does arguably increase risk, but (if it works right) only due to the drastic reduction in friction (which is also what makes it potentially a great feature). One may argue that it effectively INCREASES security by reducing the incentive for people to make sensitive Post-its. – Steven Lu Dec 20 '17 at 06:18

1 Answer

4

First off - why would anyone consider this a security risk? Apple's implementation of the WiFi password sharing feature is much better than Microsoft's attempt from a while ago. For starters:

  • You can only share the password knowingly, and with someone you trust: You still receive a notification when your friend wants to connect to your network and also have to both press a button to accept the request and have them in your contact book.

  • The underlying principle of a pre-shared key remains the same: This isn't changing the functionality through which the client connects to the router (like with a RADIUS server in WPA2-Enterprise) but just removes the requirement for you to speak out the key. In fact, I'd even argue that this method is more secure as you said in another comment since there's no chance that someone you don't trust or an eavesdropper might be able to lift the note with the password or just record you shouting it out to your friend.

Additionally, in an enterprise, you should already be using WPA2-Enterprise with a RADIUS server instead of a PSK. This already seems like a flaw in your current implementation.

Finally, the implementation doesn't automatically share your password with every user in your contact book. It still makes you explicitly approve each user through a dialog box.

And to:

How could we switch this capability off?

It seems like an inbuilt feature without a way to turn it off. I'll update this answer if I come across anything in the future though.

thel3l
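To make the point in the answer concrete, here is the difference between the two access-point modes as a hostapd configuration. This is an added illustration, not configuration from the question, the answer or Apple's feature. The interface name, SSID, RADIUS server address and the placeholder secrets are assumed; replace them with your own values. The first block is the pre-shared-key setup the answer criticises (one secret shared by every device, which is exactly what the password-sharing feature copies between phones); the second is WPA2-Enterprise, where the access point forwards each user's 802.1X/EAP login to a RADIUS server and there is no network-wide passphrase to share at all.

```ini
# --- Weak: WPA2-Personal (pre-shared key) --------------------------------
# Every device knows the same passphrase. Revoking one person's access
# means changing the key on every device in the office.
interface=wlan0            # assumed interface name
ssid=OfficeWiFi            # assumed SSID
hw_mode=g
channel=6
wpa=2                      # WPA2 only
wpa_key_mgmt=WPA-PSK       # authentication = shared passphrase
rsn_pairwise=CCMP
wpa_passphrase=CHANGE-ME-PSK   # placeholder; this is the secret that gets shared around

# --- Corrected: WPA2-Enterprise (802.1X/EAP against a RADIUS server) -----
# Each user authenticates with their own credentials or certificate; the
# access point never holds a shared secret that a client could pass on.
interface=wlan0            # assumed interface name
ssid=OfficeWiFi-Enterprise # assumed SSID
hw_mode=g
channel=6
ieee8021x=1                # enable 802.1X port-based authentication
wpa=2
wpa_key_mgmt=WPA-EAP       # authentication = EAP via RADIUS, no passphrase
rsn_pairwise=CCMP
ieee80211w=2               # require protected management frames (optional hardening)
own_ip_addr=192.0.2.10     # assumed AP address, sent as NAS-IP-Address
nas_identifier=ap-office-1 # assumed NAS identifier
auth_server_addr=192.0.2.5 # assumed RADIUS server address
auth_server_port=1812
auth_server_shared_secret=CHANGE-ME-RADIUS-SECRET   # placeholder; AP-to-RADIUS secret only
```

With the second configuration, off-boarding a person is a change on the RADIUS server (disable the account or revoke the certificate) rather than a key rotation on every phone and laptop, and a shared-password feature on a client has nothing to share because the client's own credential is not the network's secret.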
  • Thanks. The knee-jerk response was from not knowing about the existence of the new feature, and then encountering it without the feature making it clear that the request only comes from somebody in contacts. Combine that with the awareness that when people start to approve lots of dialogs they start to really become less careful about reviewing them, and it feels like it will be way too easy to compromise. I have to say that the contacts part of this is a bit of a stroke of genius. It just makes it both easier and safer to securely share access. – Steven Lu Dec 20 '17 at 20:44