iPhones have been exposing your unique MAC despite Apple’s promises otherwise — “From the get-go, this feature was useless,” researcher says of feature put into iOS 14
iPhones have been exposing your unique MAC despite Apple’s promises otherwise — “From the get-go, this feature was useless,” researcher says of feature put into iOS 14
“From the get-go, this feature was useless,” researcher says of feature put into iOS 14.
iPhones have been exposing your unique MAC despite Apple’s promises otherwise — “From the get-go, this feature was useless,” researcher says of feature put into iOS 14::“From the get-go, this feature was useless,” researcher says of feature put into iOS 14.
tl;dr It was a bug. It is fixed in 17.1.
60this is whitewashing Apple. It was introduced in iOS 14. A trillion dollar company like apple should have had this fixed long before.
59Hmm, tldr bot didn’t mention this…
7This is why we call it artificial intelligence, rather than digital intelligence.
18
This is the best summary I could come up with:
Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network.
Enter CreepyDOL, a low-cost, distributed network of Wi-Fi sensors that stalks people as they move about neighborhoods or even entire cities.
In 2020, Apple released iOS 14 with a feature that, by default, hid Wi-Fi MACs when devices connected to a network.
Over time, Apple has enhanced the feature, for instance, by allowing users to assign a new private Wi-Fi address for a given SSID.
In fairness to Apple, the feature wasn't useless, because it did prevent passive sniffing by devices such as the above-referended CreepyDOL.
But the failure to remove the real MAC from the port 5353/UDP still meant that anyone connected to a network could pull the unique identifier with no trouble.
The original article contains 680 words, the summary contains 136 words. Saved 80%. I'm a bot and I'm open source!
24Very useful tech for schools, supermarkets and malls. I wonder if Apple will patch the 5353 port issue.
7I don’t understand why this article isn’t BS. It was meant to prevent passive snooping. If I connect to a network, it needs to know who I am.
I’ve worked with companies that implement this type of tech for monitoring road traffic congestion. IOS reduced the number of ‘saw same phone twice and can calculate speed’
5You are who you say you are to a network though, at least at layer 2.
If you say you’re one MAC address one time and another next time then so you are.
Let me give you an example. Let’s say I’m a device trying to connect to a network. Among other things I tell it “can I have an IP address, my MAC address is Majestic”. It says in turn, sure and notes down Majestic and routes or switches things to me when another device says it wants to reach my IP. In Wi-Fi it basically shouts out it has a packet for Majestic and sends it out onto the air with my unique encryption key I previously negotiated and I am listening for packets for Majestic and grab and process that packet. Now if I go back and connect again and call myself Dull it’ll do the same thing. Those names being stand-ins for MAC addresses of course.
This is simplified of course. And this is why MAC whitelisting is a futile attempt at security.
18
Get a Google Pixel. Use GrapheneOS.
4Pixels are too expensive. And you will support private data hungry evil company.
-10Pixels are too expensive.
My Pixel 6a was 300 bucks, it's not that expensive and I get security updates until 2027. With 8th Generation Pixels even getting 7 years of updates.
And you will support private data hungry evil company.
Pixels are the only phones that allow you to fully erase everything related to Google and at the same time keep good security.
8