CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk.

CERT-FR warns iPhone and Android users to fully disable Wi-Fi to reduce exposure, citing multiple vulnerabilities across wireless interfaces, apps, OSs, and even hardware. The agency reiterates basic hygiene: install apps only from official stores, review permissions, keep devices updated and rebooted, use a VPN on public Wi-Fi, and disable auto-join on open networks.

Smartphones, handling vast amounts of data and multiple features, are prime targets for cyber intelligence. They have extensive vulnerabilities across wireless interfaces, apps, operating systems, and hardware. Weaknesses in protocols like Wi-Fi, Bluetooth, NFC, and cellular networks allow data interception or spyware deployment. Sophisticated zero-click exploits can compromise devices without user action, leaving minimal traces. State-sponsored actors and Private Sector Offensive Actors (PSOAs) exploit these flaws, increasing threats and complicating attribution. Mobile devices face a broad and growing attack surface from advanced offensive capabilities.

“The ubiquity and systematic use of smartphones, along with the increasing number of features and data they handle, make them targets of interest for the acquisition of cyber intelligence.” reads the report “MOBILE PHONES – THREAT LANDSCAPE SINCE 2015” published by CERT-FR. “These everyday devices exhibit multiple vulnerabilities as well as a significant attack surface across multiple layers of the device architecture. These vulnerabilities may reside within wireless interfaces, applications, operating systems, and even within hardware components. The numerous communication protocols used, such as cellular network, Wi-Fi, Bluetooth and NFC, suffer from several weaknesses facilitating the interception of exchanged information, or even the alteration of data in order to deploy spyware code on the devices.”

The report includes a set of recommendations to protect mobile devices.

Wi-Fi, especially public or poorly configured networks, can be exploited for man-in-the-middle attacks to intercept or alter data on connected devices. Real cases include Wi-Fi flaws used to deploy spyware, commercial interception tools, and fake access points for phishing or malware.

Recommended defenses include turning off Wi-Fi when not needed, disabling auto-connect, avoiding public networks, and using a VPN when necessary.

“Recommendations on Wi-Fi usage:

• Deactivate Wi-Fi when it is not in use.
• Disable automatic connection to known or open Wi-Fi networks.
• Do not connect to public Wi-Fi access points unless it is necessary and if so, use a VPN.” continues the report.

Mobile wireless interfaces (2G–5G, Wi-Fi, Bluetooth, NFC) let devices communicate via radio waves and have exploitable vulnerabilities. Attacks target these interfaces in three ways: passive interception to capture identifiers and data, active interception to decrypt or hijack communications, and data modification to alter exchanges and compromise devices.

France and the UK launched the Pall Mall Process in late 2023 to curb the misuse of commercial cyber intrusion tools. The initiative promotes cooperation, threat sharing, and legal safeguards.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Wi-Fi)