Apple wifi MAC security flaw

From Dan Goodin at Ars Technica, “iPhones have been exposing your unique MAC despite Apple’s promises otherwise”:

Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised.

The feature is interesting. Any wifi device can be tracked because each one broadcasts a unique address called a MAC[1]. Apple, whose main business, unlike Google's, isn’t surveillance capitalism[2], decided that doing something about that problem was worth it, and so in iOS 14, released in September 2020, it implemented a feature that changes that MAC address randomly for each wireless access point.

Turns out they botched the implementation and the feature ended up being useless as the unique MAC address was still broadcast but in a different place. And nobody noticed for 3 years.
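A defender's check for this kind of failure, as an added example that is not from the original post or from Apple: it tests whether each frame's source address is a randomized one (locally administered bit set) and whether the hardware MAC shows up in the payload. The frames, addresses and function names are constructed, and searching the payload is an assumption, since the post says only "in a different place".

```python
# Added example: constructed frames and hypothetical helper names.
HARDWARE_MAC = "00:11:22:33:44:55"   # constructed "real" address
PRIVATE_MAC = "a6:5e:60:01:02:03"    # constructed randomized address


def parse_mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' (or dash-separated) into 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, as it is
    for randomized addresses; hardware addresses leave it clear."""
    return bool(mac[0] & 0x02)


def find_leaks(frames, hardware_mac):
    """Return (frame_index, reason) for every frame exposing hardware_mac.
    frames is a list of (source_mac_string, payload_bytes) tuples."""
    hw = parse_mac(hardware_mac)
    # (label, needle, case-insensitive?) - text forms are matched lowercased,
    # raw bytes are matched exactly so binary data is not altered.
    needles = [("raw bytes", hw, False),
               ("colon text", hw.hex(":").encode(), True),
               ("plain hex text", hw.hex().encode(), True)]
    leaks = []
    for i, (src, payload) in enumerate(frames):
        src_mac = parse_mac(src)
        if src_mac == hw:
            leaks.append((i, "source address is the hardware MAC"))
        elif not is_locally_administered(src_mac):
            leaks.append((i, "source address is not a randomized one"))
        for form, needle, fold in needles:
            offset = (payload.lower() if fold else payload).find(needle)
            if offset != -1:
                leaks.append((i, f"hardware MAC as {form} at payload offset {offset}"))
    return leaks


SAMPLE_FRAMES = [  # constructed, not real captures
    (PRIVATE_MAC, b"ordinary traffic"),
    (PRIVATE_MAC, b"\x01\x02" + parse_mac(HARDWARE_MAC) + b"\x00"),
    (PRIVATE_MAC, b"id=00:11:22:33:44:55;name=phone"),
    (HARDWARE_MAC, b""),
]

if __name__ == "__main__":
    for index, reason in find_leaks(SAMPLE_FRAMES, HARDWARE_MAC):
        print(f"frame {index}: {reason}")
```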

Apple hasn’t explained how a failure as basic as this one escaped notice for so long. The advisory the company issued Wednesday said only that the fix worked by “removing the vulnerable code.”

Keeping things secret sounds very Apple.


  1. Medium Access Control. This has nothing to do with the Mac(intosh).

  2. Whether they just use this as an ad campaign slogan or not will be left to history. But currently all signs point to that being the case.