But I think that whole argument is beside the point, because the real issues as pointed out are:
- one network used on one device shouldn't necessarily mean that it's suitable for *all* the user's devices [1]
- but more importantly: syncing of Wifi networks should only be a convenience; actually connecting to a synced-in Wifi network should only happen by explicit user action, and the 'auto-join' feature should never, ever sync across devices (it should only ever be a device-specific setting), defaulted to off when synced in via iCloud Keychain sync. [2]
That second point is what I also believe to be a security risk.
Yeah, sure, it's a "feature", but with what I feel is a massive security risk.
[1] https://twitter.com/MCSeb/status/1590722905876619265
[2] https://twitter.com/MCSeb/status/1590723613824806912 (though I think OP misunderstood the System Preferences settings on 'auto join')
Essentially, what happened to me is that on my iOS device I was setting up an IoT device (similar to the OP, I keep IoT stuff on a different network segment from the rest of my home network by having their own 'IoT devices only Wifi'), which you can only do via an app, by joining an 'ad-hoc' network created by the IoT device. And that's where all that began; the sequence of events:
1. joined the IoT's Wifi network from my iOS device to set it up; doing this records that Wifi connection in iOS, and the default is that 'auto-join' is enabled for newly joined networks
2. this new Wifi network is synced to my Mac(s) (all personal machines) since I have iCloud Keychain sync enabled
3. Later on, my Mac lost its primary network connection (from router reboot, or other event, etc.); Mac goes "Hmm, network down. Oooh! There's this other new Wifi that's available, lemme join that one automatically!"
4. Me later, after noticing my internet doesn't seem to work on my Mac, even though it shows having a network connection: "WTF is this connected to that network?!? I don't want anything else connecting to that!!"
So essentially my Mac(s) joined a new network not meant for them, automatically, without my explicit action. That potentially opens it up to security issues of the IoT device because of this auto-join it does behind one's back.