> Totally creepy and unacceptable that a private piece of equipment can be affected remotely.
Any modern mobile network client can be affected by the developer's servers going down, because that's the only way to do captive WiFi network detection.
> My phone keeps trying to use wifi rather than connecting to my cellular network.
This already exists and it's called "Wi-Fi Assist". It's disabled by default but you can enable it by scrolling all the way down in the "Mobile Data" settings menu (after all the apps).
> There is an obscure setting in location where you can disable it.
For those wondering, I believe the setting is Settings => Location => => Scanning (in the the vertical dots menu in the upper right) => Wi-Fi scanning (on my Nexus 5 running Android 6.0.1, anyway.)
> There's no real reason outside of developer testing to ever disable Wifi.
When I go for a ramble or cycle in the countryside there's no point having Wifi enabled for four or five hours with no APs within several kilometres, so I disable it.
Likewise I disable Bluetooth and GPS when not needed. Being a 'good RF citizen'.
>Then just use the lan ports on the device, but also make sure the LAN cables are shielded because it could be using them as antennas given how compromised wifi router firmwares usually are.
Those shielded Ethernet cables better be properly grounded.
> But still, this is only problematic if you "trust" an access point.
Which is the case for the vast majority of wifi users.
It is completely irrelevant how any of us here consider their access point. The problem is that the masses could be subject to these attacks and allows propagating malwares and botnets.
> According to the dates[0] I found online says Windows was the first to have a feature that would automatically connect to your cellular connection if the Wifi didn't work.
This is the most infuriating feature ever. Google implemented it in 2014 in Android, and you couldn't properly disable it. Not even today.
I frequently need to connect to intranets where Google services are blocked for security reasons, and it's infuriating to fight hundreds of times with the settings so you can get the WiFi to work.
>I suspect this has to do with beaconing and once you force it to join your wifi it will stop until you leave your wifi coverage.
Great point. Wouldn't that mean it "beacons" to your neighbor when you drive home? Then stays connected as you go inside?
Wifi is tricky, if a momentary loss of your main SSID results in your device hopping to the next-available SSID your phone is basically always at risk of jumping LANs
>At this point I’m not sure there’s a need for normal users to actually turn off Wi-Fi. The only real case would be something like airplane mode which already has its own setting.
I ran into a use case for turning off wifi the other day. My ISP was having problems and the wifi network could not reach the internet. Turning off wifi saved me the trouble of forgetting my wifi network, and then looking up / typing in the password when I rejoined.
It's worse than that - android kernels process beacon frames even if wifi is disabled.
So you should be worried about this if you have an android 11/12 phone, even if you don't use wifi.
Linux desktop/laptop users should be worried if they have wifi enabled, even if not connected to a network.
reply