Security Awareness Blog

Security Awareness for iPhone Personal Hotspot feature.

One of the things we often teach in security awareness about mobile devices is disabling Bluetooth and Wi-Fi if you are not using them. By having these services enabled all the time, especially while traveling, can expose you to greater risk as others may be able to connect to your system. For example, with Wi-Fi networks attackers can create bogus Wi-Fi network names that match commonly used ones, which your iPhone may then silently join by default. In addition, both services can add an additional drain to your battery. However, it is even difficult for trained security professionals like me to keep up with the latest changes in technology. A new feature I love about my iPhone is the Personal Hotspot functionality, allowing me to turn my iPhone into my own 3G/Wi-Fi access point for my laptop. This is a great feature to have when traveling by taxi, train or stuck at hotels with dodgy Internet. However I noticed a continuing problem. Everytime I turn on my Personal Hotspot feature, it would also turn on both Wi-Fi and Bluetooth on by default. I can understand this as these are the options used for connecting. However, when I turned off the Personal Hotspot feature, both Wi-Fi and Bluetooth were left on. I did not notice this the first couple of time, but now I make it a practice of always manually turning off Wi-Fi and Bluetooth after using the Personal Hotspot feature. I'm sure this is well documented somewhere, I simply was not aware of this. So, if this is a concern in your organization, you may want to consider adding updates like these in the future to any Mobile Device / iPhone related security awareness training. This also demonstrates why any awareness program must be actively updated at minimum once a year, if not twice a year. Not only are threats and business requirements always changing, but so to is technology.