It’s well-known that public networks generally offer less security than private ones, yet what many might not realize is that iPhones come equipped with a feature that automatically connects users to public Wi-Fi networks, even without consent.
This feature, known as ‘auto-join’, first seeks out preferred networks, then private options, and finally public ones, as explained by Apple.
Specifically regarding public networks, Apple notes these connections are ‘designed for general access in locations like hotels, airports, or coffee shops.’
While this feature can appear convenient in urgent situations, automatic connections could inadvertently link users to malicious hackers.
The NSA has raised alarms, stating that cybercriminals can create fake networks disguised as trustworthy ones, such as those from restaurants or hotels, then ’employ malicious access points that redirect users to harmful sites, inject malicious proxies, and intercept network traffic.’
Hackers are able to intercept public Wi-Fi networks (Getty Stock Image)
Describing these misleading networks as ‘evil twins,’ the agency warns that they ‘mimic expected public Wi-Fi, granting the attacker access to all transmitted data.’
“The threat is real,” the NSA cautions. “There are known methods that are actively in use.”
If hackers compromise your device, they can also extract personal information and sensitive data.
How to turn off Wi-Fi auto-connect
To mitigate this threat, iPhone users should disable the auto-connect feature by navigating to Settings > Wi-Fi.
There, locate ‘Ask to Join Networks’ and set it to ‘Off’ or ‘Ask.’ For ‘Auto-Join Hotspot,’ opt for ‘Never.’
“If users decide to connect to public Wi-Fi, they need to exercise caution,” the NSA emphasizes. “Data transmitted over public Wi-Fi—especially unprotected networks requiring no passwords—is at risk of interception or tampering. Even password-protected public networks might not encrypt data traffic.”
To enhance your safety, look for padlock icons in your browser’s URL bar, which indicates encrypted web browsing, and always refrain from entering personal credentials on unexpected pop-ups or familiar-looking
