Categories
Uncategorized

Disabling Wi-Fi Password Viewing on iOS devices

Starting with iOS 16, Apple enabled users to display the password of Wi-Fi networks using pre-shared keys (PSK). While this feature can be useful for retrieving a forgotten PSK, a customer recently asked me how we could disable this feature.

You can see the PSK if you click it and use your passcode/Face ID/Touch ID

If you are not yet using 802.1x authentication for your mobile devices (which you should!) and you still rely on a WPA2/WPA3 Personal SSID, I can see this as a reasonable concern. You might want to prevent users from exfiltratating the PSK and start connecting other devices to the network — even though trying to make your PSK secret to everybody could be challenging on other types of devices.

Let me show you my tip to work around this behaviour Apple introduced and make the Wi-Fi password inaccessible to the user.

We are going to rely on Apple Configurator. This is a nice software available on MacOS to create profiles for Apple devices. If you don’t have a MDM, you can do quite a lot with this software. We are going to create a profile containing our SSID profile configuration. We will provide the PSK inside this profile. The key thing here is the user will not be able to access the PSK that was imported from the profile.

  1. Download and install Apple Configurator on a MacOS machine
  2. Start Apple Configurator and create a new profile
  3. In the General menu, enter the profile name. For example, use the name of the SSID
  4. Go to the “Wi-Fi” menu and create your SSID
  5. Save the profile on the MacOS machine. You will obtain a .mobileconfig file. This is actually an XML file you can open with your preferred editor and take a look at.
  6. Transfer the .mobileconfig file to the iOS device. You can do it several ways:
    • Host the file on a Web server and use Safari to access the file
    • Share the file on a file transfer platform or send it through email and save the file on the local files of the iOS device
  7. When clicking the file on the iOS device, a pop-up message will tell you that the profile was imported in the Settings application but it is not installed yet.
  8. Go to the Settings app, you should see a new menu containing the profile you just imported:
  9. Click and Install the profile by following the wizard
  10. Once you installed the profile, the iOS device is now configured to associate to the SSID. If you check the SSID information button once connected, you should not be able to access the “Password” menu:

Leave a Reply

Your email address will not be published. Required fields are marked *