EDIT: DISREGARD this post. I believe my friend misunderstood a standard iOS 8/9 feature, and it looked odd enough to me that the feature I was aware of changed slightly. It's likely human error that exposed the hot spot, or at worst someone was a victim of being hacked (less likely.) I appreciate the feedback. ------------------------------ FIRST, let me make the caveat that this issue MAY NOT APPLY to everyone, and may be isolated to a set of specific conditions, but maybe whoever reads this can test it themselves to see if they can reproduce it in situations unlike mine (a carrier other than T-Mobile, and perhaps BETWEEN devices that aren't related, and have never been exposed to one another in any capacity... in particular devices that are not on the same iTunes or Home Sharing set-up or any related iCloud keychain settings.) I have yet to do broader testing. A friend just called me up last night, and in the midst of complaining about random issues with iOS, he dropped a pretty massive bomb. After putting his family on T-Mobile's JUMP! Upgrade program, his son returned from school having expended over 9GB of data during the course of the day. Needless to say, he was shocked. On investigating the program, he found that the data was all being consumed by the "Personal Hotspot" feature (under Settings > Cellular > System Services > Personal Hotspot, it consumed the majority of the 9GB of used data.) This screenshot is from the same area on MY phone, not his son's. He had checked previously, but checked again and confirmed... PERSONAL HOTSPOT - OFF How could the Hotspot be consuming data if the service was explicitly shut off? Then he saw it. When going into the "Settings > Wi-Fi..." on a SEPARATE iOS device, there it was. He could clearly see his son's phone being offered as a Personal Hotspot. Yet, the service was turned off. If he SELECTED that Hotspot with his other device, he connected and was able to use that Hotspot, even without entering a password (the password simply was not requested, even though it had been set BEFORE the setting was shut off.) I thought there must have been a mistake. So, I tried it myself. I shut off the Personal Hotspot feature on BOTH my iPad and my iPhone, and then with the iPad's Cellular data turned off... I went into the Settings > Wi-Fi and waited. Sure enough, my iPhone appeared in the list of devices. I even tapped to "FORGET" the device, and it still showed up. Odd, right? Worse, when I tapped it, three VERY DISTURBING things happened. #1. The iPad connected to the Phone's Hotspot without asking for a password (set in the hotspot settings earlier before turning it off, and cleared from the iPad's memory). #2. The normal BLUE indicator showing that a device (my iPad) has connected to MY "Personal Hotspot" service... activated. #3.) The "Personal Hotspot" feature turns itself on. After disconnecting, the Personal Hotspot turned itself back-off. The main reason this is troublesome is that my Mac running OS X Yosemite respects the password without any trouble. But, iOS devices themselves don't seem to be adhering to that. Is this a convenience feature or a serious bug? My friend was VERY clear his son DID NOT enable the feature. And it was off when he checked it. He complained T-Mobile, and they insisted that his son must have given other kids the password... or something. But, nothing about these explanations made sense, except what we were able to see and test ourselves in albeit limited fashion. Any thoughts? This issue appears to fit the profile of something that could fly right under the radar and not be caught. His whole family has updated to 9.0.1 and the behavior still occurred. I'll likely test this with a few co-workers on different networks and accounts today.