Risks posed by "Wi-Fi Password Sharing" in iOS 11.

iOS 11 has been officially available since 19 September 2017. The new version of the operating system incorporates interesting features for Apple devices, which simplify many applications, such as automatic QR code scanning by camera. Another new function is "Wi-Fi Password Sharing", which provides a convenient way of sharing Wi-Fi passwords. In the private sphere, this feature is certainly very practical – for a company Wi-Fi network, however, this poses an incalculable security risk.


Simplify complicated password entry

Just about everyone knows the situation when you have to squeeze behind a sideboard in order to get to the router to read the default Wi-Fi password and dictate it to the person wanting to connect to the Wi-Fi. Since the key now has to be 63 characters long, reading it aloud and typing it in can often be quite laborious. iOS 11 solves this problem with a new function that enables Wi-Fi passwords to be shared between devices with iOS 11, comparable to AirDrop. Anyone in future wanting to grant a guest access to the home or company's own Wi-Fi network no longer has to exchange login data on pieces of paper or conceal the password when entering it. In practice, the guest simply selects the respective network in the settings. Instead of typing in the password, unlocked devices, with Bluetooth enabled, receive the prompt to share. With a single tap, the password is transferred to any other device.


Easy and dangerous

As a rule, iOS 11 stores Wi-Fi passwords in iCloud Keychain, provided that this is enabled. This means that, once transferred, a guest can see the password and also use the new function to share it very quickly and easily with other people, thus facilitating undesirable, uncontrolled dissemination. Whilst it may be very smart and easy for private users to quickly log into the Wi-Fi, this facility presents a true nightmare scenario for security-conscious IT managers in companies, since Wi-Fi Password Sharing facilitates the uncontrolled use of the Wi-Fi network by external users. An inadequately protected wireless network could get hacked, allowing data to be accessed by unauthorised persons. The German Law Society (Deutsche Anwaltsverein, DAV) issued a warning years ago: Operators of a wireless network should not open their Internet access carelessly to third parties; a shared Wi-Fi also constitutes a legal risk for the operator.


Protect your Wi-Fi

One of the most common Wi-Fi security systems in the private sphere is based on a "pre-shared key", i.e. a password that is as cryptic as possible, composed of a random sequence of letters, numbers and special characters. The wireless access point grants Wi-Fi access to any person or device that enters the correct password. Since a single shared key is employed for all users, however, the wireless network is more vulnerable - especially due to the uncontrolled sharing, which iOS 11 now facilitates.


With company Wi-Fi, the encryption must therefore go a decisive step further. The use of authentication, for example in the standards PEAP-MSCHAP V2 and EAP-TLS, affords advanced security over the use of a pre-shared key. If the certificates are regularly checked and updated by IT professionals, a company's in-house Wi-Fi network benefits from the highest level of security currently available.


Your Wi-Fi is secure with us

We support you in setting up your secure, certified Wi-Fi – starting with the concept development, the initial installation of your wireless network, when updating the certified security standards and when implementing reliable processes for the integration of new devices and users.


How do you configure your company's Wi-Fi to be secure and also protect it effectively over the long term? You can learn more about this topic in our blog post: "Wi-Fi Security for Companies"


How does "Wi-Fi Password Sharing" work in iOS 11? Our short 'how to' video on YouTube shows you!