UCF STIG Viewer Logo

A Wi-Fi profile must be set up on managed iOS devices to disable access to any public Wi-Fi network that iOS may otherwise auto-join.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34316 WIR-MOS-iOS-70-04 SV-44841r1_rule ECWN-1 Medium
Description
iOS has the capability to “auto-join” public Wi-Fi networks that are pre-configured in iOS. This feature is available in iOS to improve a user’s experience when connecting to the Internet. The “attwifi” public network has been found to be monitored by hackers and easily spoofed, so users do not know if they are connecting to the real network or the hacker controlled network. Sensitive DoD data could be exposed if a DoD user’s iOS device is connected to a hacker controlled Wi-Fi network. An iOS GSM device from ATT will attempt to auto-join any attwifi network in the vicinity of the device.
STIG Date
Apple iOS 6 Interim Security Configuration Guide (ISCG) 2013-01-17

Details

Check Text ( C-42310r1_chk )
This check is not applicable if the site does not use any iOS devices from ATT.

1. Make a list of all iOS security policies listed on the MDM server that have been assigned to iOS devices and review each policy.
2. Select each security policy iOS devices are assigned to, and in turn, verify the required settings are in the policy. Verify a Wi-Fi profile has been set up in the security policy with the following features:
•SSID: attwifi.
•Passphrase: any eight character or larger passphrase.
•Auto-join: set to off.

(Note: this setting effectively stops the iOS device from automatically connecting to the attwifi network when in range of a network access point and also disables the ability of a user from connecting the network.)

Mark as a finding if the required Wi-Fi profile is not set up in the security policy and it does not have the required configuration.

Note: If there is a finding, note the name of the policy in the Findings Details section in VMS/Component Provided Tracking Database.

On the Good Technology MDM server, the Wi-Fi profile is found in the “WiFi” tab of the “iOS Configuration” section of the security policy.
Fix Text (F-38277r1_fix)
Set up a Wi-Fi profile on the MDM server security policy to disable attwifi network connections.