Bumper
Member
This is why one should not connect to WiFi networks that do not require a password (“open” networks). Think Starbucks and hotels and airplanes. And if you do, you must delete them from your known networks right away.
Also, be careful with “take over your phone” as this is not accurate depending on how you interpret it. I want to inform less technically savvy users and get them to have sane security practices. Fear also works, sure.
OK sure, the statement is up for interpretation. My interpretation is it is super easy to have a user accept a "trusted profile" on their iPhone. With that installed, a bad actor can see what you type, insert their own commands directly into your keyboard, gather your passwords in clear text, reconstruct on their browser everything you see on yours, redirect you to bad sites when you think you are going to good ones, capture your session keys for LinkedIn and Facebook to open those pages as you without needing your password, etc. If you don't believe it is possible, here is a 3 minute YouTube video on how easy it is to fully take over an iPhone. User just needs join a free wifi and accept the profile which most do. My motives are not fear, but education. The risk is real and very easy to accomplish. But as others have said, use a VPN and don't accept certificates or profiles, even if it looks like it is from a trusted source.