
Author Topic: iOS12 password sharing  (Read 1215 times)

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 6569
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick
iOS12 password sharing
« on: September 27, 2018, 03:05:56 PM »

I read something about a new feature in iOS 12 where a user can send a saved website password to another machine, by using AirDrop I think. But can you send a saved wireless LAN password as well?

displaced

  • Reg Member
  • ***
  • Posts: 150
Re: iOS12 password sharing
« Reply #1 on: September 27, 2018, 09:15:38 PM »

I think WLAN password sharing’s been around since iOS 11.

I changed my home WiFi password a while back. When my brother-in-law visited and started using his phone, my phone prompted me to ask if I wanted to share the credential with him.

Of course, it only did so because I have his iCloud email address against him in my contacts app.

Quite nifty, all told.
Vodafone Landline+FTTC: Huawei DSLAM, HG612 modem, pfSense router, Ubiquiti access points. GigE home LAN with Netgear ProSafe switches. Mac, FreeBSD and Win10.

Weaver

Re: iOS12 password sharing
« Reply #2 on: September 27, 2018, 09:41:56 PM »

How does that work, exactly?

displaced

Re: iOS12 password sharing
« Reply #3 on: September 27, 2018, 10:05:20 PM »

Hmmm. I can find lots of stuff about how to use it, but little on how it works.

I imagine the initial handshake must be over Bluetooth LE owing to the fact they’re not yet on the same WiFi network and that the devices need to be in reasonably close proximity.

It probably goes something like:

“Hey, I’m trying to join SOMENET but don’t know the password”
“I know it. Who are you?”
“I’m foo@icloud.com”
“OK, I know you - you’re in my contacts list. Let me ask my user if they want to let you know the password...
...Yep. Here you go!”

Of course, there’s no doubt a ton of key-exchange going on.  All iCloud leans on PKI quite heavily, so the real conversation isn’t really so naive.

Weaver

Re: iOS12 password sharing
« Reply #4 on: September 27, 2018, 10:07:44 PM »

I should have asked how does one use it too.

I need to make sure that effectively no one succeeded with this without my authorisation. When I read about a similar Microsoft thing, I used their disable mechanism of suffixing __optout on the end of the SSID. But in this case, I have MAC filtering as a next-level block too, to aid in frustrating such things. (And I do know that MAC addresses can be altered or spoofed.) Unless someone is on the MAC whitelist they can only join the guest SSID and having a WLAN password is not enough for the main SSIDs.
« Last Edit: September 27, 2018, 10:13:30 PM by Weaver »

displaced

Re: iOS12 password sharing
« Reply #5 on: September 27, 2018, 10:43:35 PM »

So, if someone comes to your house, opens the WiFi settings on their iOS device and tries to join your network, you’ll be asked if you want to share your WiFi password with them *only if* you have their iCloud email address in *your* contacts.  You also must have your devices in close proximity.

Otherwise, no offer is made and no exchange takes place.

Here’s a video of the process:
https://m.youtube.com/watch?v=yOBOA80e-m4&time_continue=15

Edit: after further reading, it seems that not only must you have their iCloud email in your contacts, they must also have yours.  Plus this only exchanges the PSK, not any additional credentials your wlan may require.




« Last Edit: September 27, 2018, 10:48:14 PM by displaced »

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3767
Re: iOS12 password sharing
« Reply #6 on: September 27, 2018, 10:58:19 PM »

Hmm, there are many people in my contacts, but very few are ‘friends’ with whom I would share passwords.   My own abode has two wifi networks, one which allows public internet access, and one which also allows access to my private wired lan network.    That includes, for example, printer access, so it is a valued privilege.

When acquaintances visit, I freely disclose the password for the public internet.   If they ask “what is this other SSID”, I simply explain that it must belong to one of the neighbours.   Unless of course they are genuine trusted friends, with a genuine need for access, such as wanting to print a boarding pass.   In that case, I slip them a printed copy of the pass phrase, that I keep hidden under a vase on the mantelpiece.

Not sure how my own system could be improved upon?


« Last Edit: September 27, 2018, 11:03:12 PM by sevenlayermuddle »

displaced

Re: iOS12 password sharing
« Reply #7 on: September 27, 2018, 11:47:38 PM »

Your system’s absolutely fine - I would do something similar if I had the inclination!

This would purely replace either the slip of paper for your private WLAN or the need to recite and type the guest network PSK.

If a visitor happens to be someone for whom you both have each other as contacts, and they want to join your guest WLAN, you’re free to ignore the iOS share request and they can type the password manually.

My PSK is 28 characters long.  It’s quite easily memorable and easy to recite, but a pain to type. So when I first discovered this feature when my brother-in-law visited, I was quite happy.

Plus, his device might know my password, but he doesn’t!

Weaver

Re: iOS12 password sharing
« Reply #8 on: September 28, 2018, 03:02:48 AM »

My main LAN password is a vile long pig, very strong, but my wife and I memorised it.

Trusted friends get access to the internet only by logging in to my guest SSID, and as mentioned earlier, they would not be successful even if my wife ill-advisedly gave them the good password, because of MAC address filtering. The guest SSID password is easy to type, short yet strong and is nonsense.

> simply explain that it must belong to one of the neighbours

I have thought of using that one. Luckily it has never so far arisen. Good idea. Since all my SSIDs are not in English, pining visitors users cannot understand them, so they do not ask for access that will not be granted.

sevenlayermuddle

Re: iOS12 password sharing
« Reply #9 on: September 28, 2018, 09:20:04 AM »

I like the MAC filtering idea.

Occasionally I find myself reluctantly disclosing the private password as a one-off favour, but it seems a bit cheeky to insist that the “guest” deletes it afterwards, probably with me leaning over their shoulder to make sure they do it properly.   MAC filtering might be a less intrusive alternative.

When, if ever, I have the time, I might well take a look to see what my router has to offer wrt MAC filters. :)

Weaver

Re: iOS12 password sharing
« Reply #10 on: September 28, 2018, 04:09:47 PM »

Many WAPs have MAC address filtering.

I have an L2 firewall feature in my WAPs, as well as the usual kind of MAC address filtering. It’s called ‘isolation’ by ZyXEL and is per-SSID. It allows you to create named objects which can be reused, and each is either a whitelist or blacklist of MAC addresses. With these isolation lists, which are ACLs of a kind, you can specify which devices the members of a group can or cannot talk to. Also in a separate, per-SSID feature, you can prevent devices from talking to one another within a particular group.  It was an important feature added in by ZyXEL in an update, buried away in the release notes, and was very welcome.