|Finding ID||Version||Rule ID||IA Controls||Severity|
|iOS has the capability to “auto-join” public Wi-Fi networks that are pre-configured in iOS. This feature is available in iOS to improve a user’s experience when connecting to the Internet. The “attwifi” public network has been found to be monitored by hackers and easily spoofed, so users do not know if they are connecting to the real network or the hacker-controlled network. Sensitive DoD data could be exposed if a DoD user’s iOS device is connected to a hacker-controlled Wi-Fi network. An iOS GSM device from ATT will attempt to auto-join any attwifi network in the vicinity of the device.|
|Apple iOS6 Security Technical Implementation Guide||2014-10-07|
|Check Text ( C-42310r2_chk )|
| This check is not applicable if the site does not use any iOS devices from ATT. |
1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.
2. Select each security policy iOS devices are assigned to, and in turn, verify the required settings are in the policy. Verify a Wi-Fi profile has been set up in the security policy with the following features:
•Passphrase: any eight-character or larger passphrase.
•Auto-join: set to off.
(Note: This setting effectively stops the iOS device from automatically connecting to the attwifi network when in range of a network access point and also disables the ability of a user from connecting the network.)
Mark as a finding if the required Wi-Fi profile is not set up in the security policy and it does not have the required configuration.
Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.
On the Good Technology MDM server, the Wi-Fi profile is found in the “WiFi” tab of the “iOS Configuration” section of the security policy.
|Fix Text (F-38277r1_fix)|
|Set up a Wi-Fi profile on the MDM server security policy to disable attwifi network connections.|