About

  • iPhone J.D. is the oldest and largest website for lawyers using iPhones and iPads. iPhone J.D. is published by Jeff Richardson, an attorney in New Orleans, Louisiana. This site does not provide legal advice, and any opinions expressed on this site are solely those of the author and do not reflect the views of Jeff's law firm, Adams and Reese LLP. iPhone J.D. is not associated with Apple, Inc.

Contact Me

FTC Notice

  • Pursuant to 16 CFR Part 255, the Federal Trade Commission's Guides Concerning the Use of Endorsements and Testimonials in Advertising, please note: (1) iPhone software and hardware developers routinely send me free versions of their products to review. I sometimes keep and continue to use these products that I did not pay for after posting my review, which might be considered a form of compensation for my review, but I do not believe that I let that color my review. (2) When I post links to product pages on certain stores, including but not limited to Amazon and the iTunes App Store, my links include a referral code so that when products are purchased after clicking on the link, I often receive a very small percentage of the sale. As an Amazon Associate I earn from qualifying purchases. Again, I do not believe that I let that color my review of products. (3) Some of the ads that run on this website are selected by others such as Amazon or Google. If one of these ads comes from the seller of a product reviewed on iPhone J.D., that is a coincidence and I do not believe that it colors my review of that product. Other ads are from paid advertisers, and if I discuss a product from a company that is a current advertiser, I will note that. (4) Some of the ads that run on this website are from monthly sponsors of iPhone J.D. When I discuss products from these companies on iPhone J.D., I do so to pass along information provided to me by the sponsor. Often, I will also provide my own commentary on the product, and while my goal is to be honest, please keep in mind that I was compensated to promote the product. If you have any questions about this, just send me an e-mail or post a comment on a specific product review.

« In the news | Main | In the news »

October 17, 2017

Wi-Fi is hacked, but iPhone and iPad will soon be safe

Wi-FiI suspect that virtually every attorney with an iPhone or iPad uses Wi-Fi in connection with the representation of a client.  And if you are on a modern password-protected network, it should be reasonably safe to do so.  Unfortunately, things became more uncertain yesterday when Belgian security researcher Mathy Vanhoef revealed that it was possible for a hacker to intercept Wi-Fi communications, even over a secure password-protected WPA2 network, and even if the hacker didn't know the password.  Yikes.

Lily Hay Newman of Wired has a good explanation of the flaw, which Vanhoef calls a Key Reinstallation Attack (KRACK).  And while the technical details of the risk may go over your head (mine too!), an argument can be made that every lawyer using technology such as Wi-Fi needs to keep up with this stuff.  For example, ABA Model Rule 1.6(c) says that lawyers shall take "reasonable efforts ... to prevent unauthorized access to ... information relating to the representation of a client."  What reasonable efforts should a lawyer take?  Comment 8 to Model Rule 1.1 says that "a lawyer should keep abreast of ... benefits and risks associated with relevant technology ...."  And ABA Formal Opinion 477 (May 11, 2017) says that "lawyers must, on a case-by-case basis, constantly analyze how they communicate electronically about client matters" and must undertake "reasonable efforts to prevent inadvertent or unauthorized access."  Of course, keeping abreast of the risks is easier said than done considering that technology changes so rapidly, as do security risks.

That's the bad news.  Fortunately, there is good news for iPhone and iPad users.  First, while every Wi-Fi device is at risk to some extent, those of use who use iPhones and iPads are at less risk than folks using Android.  According to Tom Warren of The Verge, 41% of Android users are at risk, especially those using Android 6.0, because of the Wi-Fi implementation on those devices.  The current version of Android is 7.0, but unlike iOS users, it is typically much harder for Android users to update their devices.  There are many reasons for this, including that most Android phone manufacturers have no financial incentive to update older devices so they don't do so.  Fortunately, Apple makes it much easier to update iOS devices and makes its frequent updates available for a wide range of devices, so you can expect to continue to receive security updates long after you buy an iPhone or iPad. 

The second item of good news is that Apple already has a fix for KRACK, as reported by Rene Ritchie of iMore.  Apple says that the fix is currently in a beta version and will soon be available for all users.  I'm not sure if this update will be in iOS 11.1 which I expect to come out in a few weeks (the one with the new Emoji in it) or if Apple will release a iOS 11.0.x update just to fix the KRACK flaw.  (Similarly, Apple has a fix for KRACK in a beta version of macOS.  And if you use Windows in your office or home, Microsoft similarly has a fix, as reported by Tom Warren of The Verge.)

What is currently less clear is whether you need to update both your iPhone/iPad and also your Wi-Fi router to fix this, or if just updating your iPhone/iPad is enough.  That article from Rene Ritchie of iMore says that whether you need to also update your router depends on the brand of router that you can using.  Of course, you have some control over the Wi-Fi router in your home and office, assuming that the manufacturer of your router releases an update.  But what concerns me is that if you are using Wi-Fi in another location, such as a hotel or conference or even just at another law firm, how are you supposed to know whether (1) the router is one that is vulnerable and (2) that router has been patched?  Hopefully we will soon get more information on how to confront this.

Note that there is another solution:  use VPN.  For a long time, I have recommended using VPN with your iPhone or iPad (and computer!) if you are using a public Wi-Fi network, but you can also use VPN on a private, password-protected network to protect yourself from any hacker using KRACK on the same network.  You can set something up at your own law firm so that all of your users can use VPN over Wi-Fi to connect back to your law firm network, or anyone can use a third-party VPN service.  For example, back in 2014 I reviewed a great app called Cloak; the name recently changed to Encrypt.Me and the service still works really well.

You could also avoid this particular hack by using cellular data instead of Wi-Fi.  I've been doing that more and more myself now that I have an AT&T unlimited data plan, and nowadays AT&T LTE is often faster than Wi-Fi for me.

Hopefully we will learn more about all of this very soon.  And when Apple does release the next version of iOS to fix this security flaw, I encourage you to install the update so that you have more protection when using Wi-Fi.

Comments

Subscribe

  • Get iPhone J.D. delivered to you via email.
    Name:*
    Your email address:*
    Consent*
    Yes, I consent to being emailed
    No, I do not want to be emailed
    Please enter all required fields Click to hide
    Correct invalid entries Click to hide
    No spam, ever. Promise. Powered by FeedBlitz

Awards

  • ABA Journal named iPhone J.D. the best Legal Technology blog in 2010, 2011 and 2013, and added iPhone J.D. to its Hall of Fame in 2014:

    The Expert Institute named iPhone J.D. the Top Legal Tech Blog in 2017:

Recent Posts