Hacker Read top | best | new | newcomments | leaders | about | bookmarklet login

> > anybody who uses WiFi

It's worse than that - android kernels process beacon frames even if wifi is disabled.

So you should be worried about this if you have an android 11/12 phone, even if you don't use wifi.

Linux desktop/laptop users should be worried if they have wifi enabled, even if not connected to a network.



sort by: page size:

> Meanwhile I guess disabling WiFi is a mitigation?

That's a good question. If it's disabled in firmware and not actually powered down, it might still be susceptible.


>This change would be absolutely fine to me if it were communicated to the user in any way whatsoever.

Well, there IS a strike-over in the icon when you fully disable wifi.


> Totally creepy and unacceptable that a private piece of equipment can be affected remotely.

Any modern mobile network client can be affected by the developer's servers going down, because that's the only way to do captive WiFi network detection.

Chrome, for instance: http://www.chromium.org/chromium-os/chromiumos-design-docs/n...

(I believe this kind of thing won't be necessary when Passpoint networks are deployed.)


> My phone keeps trying to use wifi rather than connecting to my cellular network.

This already exists and it's called "Wi-Fi Assist". It's disabled by default but you can enable it by scrolling all the way down in the "Mobile Data" settings menu (after all the apps).


> There is an obscure setting in location where you can disable it.

For those wondering, I believe the setting is Settings => Location => => Scanning (in the the vertical dots menu in the upper right) => Wi-Fi scanning (on my Nexus 5 running Android 6.0.1, anyway.)


> quietly joined a wifi network

i would suggest not having your phone auto-connect to just any open wifi network, but that's just me.


> Even worse is the Wifi sharing with social networks

Which is turned off by default....


> There's no real reason outside of developer testing to ever disable Wifi.

When I go for a ramble or cycle in the countryside there's no point having Wifi enabled for four or five hours with no APs within several kilometres, so I disable it.

Likewise I disable Bluetooth and GPS when not needed. Being a 'good RF citizen'.


>Then just use the lan ports on the device, but also make sure the LAN cables are shielded because it could be using them as antennas given how compromised wifi router firmwares usually are.

Those shielded Ethernet cables better be properly grounded.


> due to the nature of of the way mobile devices look for wifi signal

Don't phone's listen only for SSID beacons? Why would they be transmitting at that time?


> But still, this is only problematic if you "trust" an access point.

Which is the case for the vast majority of wifi users.

It is completely irrelevant how any of us here consider their access point. The problem is that the masses could be subject to these attacks and allows propagating malwares and botnets.


> According to the dates[0] I found online says Windows was the first to have a feature that would automatically connect to your cellular connection if the Wifi didn't work.

This is the most infuriating feature ever. Google implemented it in 2014 in Android, and you couldn't properly disable it. Not even today.

I frequently need to connect to intranets where Google services are blocked for security reasons, and it's infuriating to fight hundreds of times with the settings so you can get the WiFi to work.


>I suspect this has to do with beaconing and once you force it to join your wifi it will stop until you leave your wifi coverage.

Great point. Wouldn't that mean it "beacons" to your neighbor when you drive home? Then stays connected as you go inside?

Wifi is tricky, if a momentary loss of your main SSID results in your device hopping to the next-available SSID your phone is basically always at risk of jumping LANs


> I found online says Windows was the first to have a feature that would automatically connect to your cellular connection if the Wifi didn't work.

If the wifi doesn't work, no phone will use it. If the wifi is BAD, that is completely different.


Or it's a jab at the competition.

"So Android spontaneously turns your Wi-Fi off? How silly. Why, you know what? Ours will spontaneously turn on, take that!!"


>At this point I’m not sure there’s a need for normal users to actually turn off Wi-Fi. The only real case would be something like airplane mode which already has its own setting.

I ran into a use case for turning off wifi the other day. My ISP was having problems and the wifi network could not reach the internet. Turning off wifi saved me the trouble of forgetting my wifi network, and then looking up / typing in the password when I rejoined.


Notice the previous sentence: "Based on links here and here, it appears that Android devices with Realtek Wi-Fi chips may also be affected."

> if it bothers me too much I'd just make sure that the damn thing never gets online access

Which might be quite a challenge with some devices when your neighbors drown you in free WiFi.


> Turning off WiFi makes your battery life worse, because you'll forget to turn it back on

What? (I'm not OP)

next

Legal | privacy