CERT FR: If you want to stay secure, switch off your Wi-Fi
Yet more from our 21st Century of Alarming Descent to Digital Dystopia news, as France’s equivalent of the US CERT warns iPhone and Android users to completely disable WI-FI when they aren’t using it.
“The ubiquity and systematic use of smartphones, along with the increasing number of features and data they handle, make them targets of interest for the acquisition of cyber intelligence,” they write in their latest report, available here in English.
They warn that weaknesses in the communication protocols we use in Wi-Fi, Bluetooth, NFC, and cellular networks can and are being abused by state-sponsored hackers, and others. They are particularly keen for us to lock down Wi-Fi because public and poorly configured networks can and are being used.
Manage your own attack surface
“These everyday devices exhibit multiple vulnerabilities as well as a significant attack surface across multiple layers of the device architecture. These vulnerabilities may reside within wireless interfaces, applications, operating systems, and even within hardware components. The numerous communication protocols used, such as cellular network, Wi-Fi, Bluetooth and NFC, suffer from several weaknesses facilitating the interception of exchanged information, or even the alteration of data in order to deploy spyware code on the devices.”
When abused, attackers use these flaws to intercept data, monitor individuals and devices decrypt communication, even for malicious data injection. In other words, lots of bad stuff.
What to do about it?
The Security pros offer up all the traditional advice for securing your digital lives:
Install apps only from official stores (good luck as the App Store ecosystem gets weakened).
- Use strong passwords.
- Review App permissions (as if people have the time)
- Keep devices updated
- Use a trusted USB Data Blocker when charging iPhone on an unknown USB port, such as at an airport or on a train. (Here’s a nice red one via an Amazon Affiliate link, so you can protect your data while helping the site).
- Turn off Personalized Ads.
- Avoid applications that ask for what seems to be excessive permissions.
- Uninstall apps you never or rarely used, you can use the Offload Apps tool to leave App data available in case you need to use it again in future.
- Don’t click links and be vigilant when using QR codes.
They also offer up additional advice to lock down Wi-Fi.
- Deactivate Wi-Fi when not in use.
- Disable automatic connection to known or open Wi-Fi networks.
- Do not connect to public Wi-Fi unless you really must, and when you do make use of a VPN.
You can read the report here.
You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.
