New Security Default: CERT-FR Urges Users to Fully Disable Wi-Fi When Not Active
If it already felt as though smartphone security advice had devolved into an endless catalogue of prohibitions, here is a new, officially endorsed level of paranoia: turn Wi-Fi off completely whenever you are not actively using it. Not merely “disconnect” from a network, but disable the interface altogether so the phone does not attempt to communicate with anything at all.
This recommendation was issued by France’s CERT-FR, the national cyber incident response authority, in coordination with its British counterpart. In recent weeks, users have already been reminded of basic digital hygiene: use secure messaging apps, move away from SMS-based codes where possible, install updates as soon as they are released, be cautious with commercial VPNs, and avoid untrustworthy services. The call to “fully deactivate Wi-Fi,” however, goes far beyond the familiar advice of “don’t connect to open networks.”
CERT-FR explains this stance by pointing to the ever-expanding “attack surface” of modern smartphones. Vulnerabilities may lurk not only in applications and the operating system, but also in wireless chips and even hardware components. In practical terms, this means that risk does not stem solely from phishing links or poorly written apps, but from the surrounding infrastructure itself—especially where wireless connectivity is involved.
The agency also reiterates the dangers of public networks, including the classic “evil twin” scenario, in which an attacker sets up a fake access point with a plausible name. Victims can then be quietly redirected to counterfeit login pages designed to harvest credentials, or exposed to attempts at malware injection through traffic manipulation. For this reason, beyond disabling automatic connections to unknown networks, French authorities propose a more radical step: switch Wi-Fi off entirely so the device cannot latch onto rogue access points, even accidentally.
For iPhone users, there is an important caveat. CERT-FR notes that disabling Wi-Fi via Control Center does not always shut the interface down completely; it often only severs the current connection. To truly turn Wi-Fi off, users are advised to do so through iOS Settings. They are also encouraged to disable automatic reconnection even to saved networks, including private ones, and to avoid public Wi-Fi whenever possible. If connectivity is unavoidable, traffic should be encrypted using a VPN.
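The evil-twin scenario and the advice on automatic reconnection to saved networks, illustrated with an added example that is not part of CERT-FR's guidance or the original article: a heuristic that compares Wi-Fi scan results against saved profiles and flags beacons that reuse a trusted name with weaker security or an unrecorded BSSID. The profile layout, network names and addresses are constructed assumptions.

```python
# Added example: heuristic check of a Wi-Fi scan against saved network profiles.
# All SSIDs, BSSIDs and the data layout are constructed for illustration.

# Relative strength of the security modes seen in beacons (higher is stronger).
SECURITY_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}

# Saved profiles: what the device remembers about networks it trusts.
SAVED = {
    "CoffeeShop-Guest": {"security": "wpa2", "bssids": {"aa:bb:cc:00:00:01"}},
    "HomeNet": {"security": "wpa3", "bssids": {"aa:bb:cc:00:00:10"}},
}

# Constructed scan results: (ssid, bssid, security, signal_dbm).
SCAN = [
    ("CoffeeShop-Guest", "aa:bb:cc:00:00:01", "wpa2", -61),
    ("CoffeeShop-Guest", "de:ad:be:00:00:99", "open", -38),
    ("HomeNet", "aa:bb:cc:00:00:11", "wpa3", -70),
    ("OtherNet", "aa:bb:cc:00:00:20", "open", -80),
]


def flag_suspect_aps(saved, scan):
    """Return (ssid, bssid, reasons) for beacons that reuse a saved name
    but do not match what the saved profile recorded."""
    findings = []
    for ssid, bssid, security, _signal in scan:
        profile = saved.get(ssid)
        if profile is None:
            continue  # not a saved name, so auto-join does not apply
        reasons = []
        if SECURITY_RANK[security.lower()] < SECURITY_RANK[profile["security"]]:
            reasons.append("security-downgrade")
        if bssid.lower() not in profile["bssids"]:
            # Heuristic only: multi-AP networks legitimately add new BSSIDs.
            reasons.append("unknown-bssid")
        if reasons:
            findings.append((ssid, bssid, reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in flag_suspect_aps(SAVED, SCAN):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
```

A name match alone is what makes automatic reconnection risky; the check treats the SSID as untrusted and relies on the recorded security mode and BSSID instead.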
The guidance also revisits other long-standing yet still relevant risks: the insecurity of legacy 2G networks with weak encryption, classic man-in-the-middle attacks, and “juice jacking” when charging devices from public USB ports. In the latter case, users are advised to rely only on trusted power sources or to use USB data blockers, and to power down unattended devices altogether.
How much inconvenience one is willing to endure in the name of security is a personal choice. Yet the very fact that national incident response centers are now recommending that Wi-Fi be disabled by default speaks volumes about the current threat landscape: convenience is no longer considered a safe default.