WiFi - security iOS

Discussion in 'iPhone' started by Suffa, Feb 11, 2016.

  1. Suffa macrumors member

    May 11, 2013

    I'm hoping to find someone who's good at networking in general, iOS security.

    A company just implemented BYOD policy, and this makes the process of accessing the WiFi kind of a b*tch.

    I just want to know what kind of certificates i'm allowing to install on my iPhone in order for it to access the WiFi.

    First you need to get private login credentials, after that, when you want to access it prompts to install these certificates:

    VeriSign Class 3 Public Primary Certification Authority - G5
    Symantec Class 3 Secure Server CA - G4

    I'm unfortunately not very good at this kind of stuff so I want to know why and what these certificates do. I mean, when running a VPN on your iPhone you have to install a vpn-profile certificate but this WiFi isn't VPN, it's regular WPA WiFi...

    So what does these certificates do?

    Also, when I'm on company WiFi, what does my iPhone "leak", network wise.. I mean when I'm home, I don't care what kind of data is accessing the net since im on my own secure network but Im not sure how iOS handles this..

    I don't know but i worry something personal will "leak" or be visible when connected to another WiFi, like as soon as I access the WiFi, someone opens his eyes and looks inside my iPhone haha..

    I hope someone who knows important things like this wants to help out :)

    /Mr Paranoid
  2. timeconsumer macrumors 68000


    Aug 1, 2008
    Ok so I started to type out a really long explanation on this but then I realized without knowing the full setup of the authentication and certificates I could possibly give you an incorrect answer.

    With that being said here's a simple answer. If you're concerned about your employer viewing your internet activity, then I would suggest to stay off of the WiFi.

    They wouldn't be able to view things on your device per se but they would be able to see anything transmitted to/from your device across the network. Since they require a login to access the WiFi, they could easily run reporting software and know everything you accessed. The only way around this would be to use a VPN so it would be encrypted but I doubt they'd allow you to connect to an outside VPN.

    Another possible scenario is they don't care what traffic is being sent across they just want to make the access point more secure and keep people off the WiFi who shouldn't have access. This would be best case scenario but unless you're a part of the network team you wouldn't likely know.
  3. Suffa thread starter macrumors member

    May 11, 2013
    Yea okay, It's not really that I'm worried about. It's a big company and they probably don't give a **** about what I'm doing unless it's something illegal.

    I'm just wondering what these certificates do in the phone. How are they used? Are they used just for the sign up process? I don't understand how it works, what does the profiles that are installed do?

    Im just generally against connected to a network im not in control of because I feel like when i connect a device to a network, it becomes a target. I feel like someone is able to look "inside".. that's probably not the case with iOS but anyway. I bet the iPhone doesn't broadcast anything important haha, just crap data from different apps..
  4. jasie02 macrumors 6502a


    Sep 18, 2014
    Not sure it is good idea to talk about your company's security measurement on macrumor, while you are still employed?
    Even thought it is on the surface.

    Shouldn't this a question between you and your IT?
  5. nightcap965 macrumors 6502a


    Feb 11, 2004
    Cape Cod
    All the certificate does is tell the other end that you are who you say you are. That's it. I'm not authorized, you are.

    As for what leaks - from iOS, it's what you do online that can be revealed. If you happen to already have a copy of Belinda Does Boston XXX in your videos, no one else will know it. If you *download* a copy of Belinda Does Boston XXX while you're on the company network, the fact that your address connected to a questionable site may very well be noticed.
  6. timeconsumer macrumors 68000


    Aug 1, 2008
    If it's a big company then you're correct, they likely won't care unless you're accessing content that could bring harm to the network or a potential legal issue.

    Certificates installed on your iPhone in this circumstance are going to be to verify your identity with the server. By installing the certificate it's not going to magically give them access to your iPhone.

    I'm not sure your experience with networks, but when you do anything on the internet you send and receive packets. These packets can be intercepted along the way and if they aren't encrypted it's easy to tell where you're going and what you're doing. So yes they would likely see a lot of packets from random apps. For instance if somebody has Clash of Clans, that has a constant connection and is annoying, especially if multiple people on the same network have it installed.

    I used to work as a network admin and my general recommendation to people is if you have any concerns, whether it's what we can see, or you don't trust the certificates then don't access the network. Based on what you described of the certificates it sounds like they setup radius authentication and those certificates are a requirement of radius authentication. Honestly, your IT department probably has an internal wiki or would likely reply to any questions on it. But I don't think there should be any concern. Also, you can always remove any certificates or profiles installed on your iPhone if you don't feel comfortable with it.
  7. Suffa thread starter macrumors member

    May 11, 2013
    What about app encryption.

    Like when you're connected to the WIFI and open an app like Facebook, Twitter, Spotify, YouTube, Alien blue... Does it send the login credentials in plain text or how does apps work the connection?

    I mean all of those apps are already logged in, but do they verify login credentials everyone I open them anyway?

Share This Page