Wi-Fi and Bluetooth buttons in Control Center don’t do what you think

A security experience at a convention recalls the weaknesses of the iPhone Control Center. If you don’t use Bluetooth or Wi-Fi, consider disabling those two connections, but not through the iOS Control Center.

The Control Center on iPhone is the way to access quick settings on your device, without having to go through the Settings application. However, the deactivation of Wi-Fi and Bluetooth is not total via what is called in English the ” Control center “. What potentially hack Apple smartphones, but also iPads.

This device sends fake invites to iPhones

It all started at Def Con, a convention dedicated to hacking that took place a few days ago. There, a security researcher named Jae Bochs created a $70 gadget. It actually sends fake personalized alerts to iPhones, prompting those who receive them to connect their AppleID or enter their password, supposedly to connect to a nearby Apple TV. What potentially hack Apple accounts, if real hackers were trying to create these fake invitations.

In fact, this gadget uses Bluetooth LE, which notably allows Apple devices to communicate with each other, including to display pop-up messages. As reported Tom’s Guidethis experience was part of a ” research project to remind iPhone users to turn off Bluetooth when not in use. This is not the only vulnerability of iPhones: hacker attacks may not require action on the part of users. The problem is that turning off Bluetooth from Control Center doesn’t actually turn it off, same for Wi-Fi.

Turning off Bluetooth from Control Center… doesn’t really turn off Bluetooth

In fact, turning off Bluetooth or Wi-Fi from the ” Control center it simply disconnects all devices using these options. We are talking about your Internet box, your speaker or your wireless headphones. Wi-Fi and Bluetooth continue to work on iPhone in the background, even when not in use.

The only way to disable these connections is by going to your smartphone settings. This is the only way that currently exists for a complete deactivation. On a support page on the Apple site, we learn that by disabling both connections from the Control Center, ” Wi-Fi and Bluetooth functionality are still available “, which allows among other things to use AirDrop, AirPlay, the Apple Pencil or an Apple Watch. From the point of view of the user experience and the brand’s famous ecosystem, we understand why the firm made this somewhat misleading design choice. However, this misleading deactivation poses a real security question.

However, when disabling both settings from the Control Center, a message notes this: ” Disconnecting Bluetooth devices until tomorrow “. Another advantage of completely disabling the Wi-Fi and Bluetooth of your iPhone: it saves a little battery, and thus gains very slightly in life.