One of the most important features in the iOS security system has not worked for years

Are Apple's promises of enhanced privacy just words?

Three years ago, Apple developed a mechanism for its devices that promised to strengthen the privacy of users when connecting to Wi-Fi. However, recent research has shown that this feature has almost never worked properly.

A MAC address is a unique device identifier that can potentially be used to track user activity. Since 2013, standard HTTPS encryption has made it almost impossible for other people to monitor traffic on the same network, but a permanent visible MAC address still leaves certain loopholes.

In 2020, as part of the iOS 14 update, Apple implemented an algorithm that allegedly masked the real address by generating spoof IDs for each individual Wi-Fi network. Later, the function was improved, providing users with tools for manually configuring and changing the substitute addresses.

Recently, after the release of the iOS 17.1 update, experts discovered a vulnerability in the operating system, tracked as CVE-2023-42846, which made this mechanism ineffective from the moment of its creation. The problem was reported by researchers Tommy Mysk and Talal Haj Bakry.

When a device connects to Wi-Fi, it announces itself to other devices by transmitting its MAC address. In the case of iOS, this address must be fake to ensure complete privacy.

While the MAC address hiding feature didn't work properly, it wasn't useless and effectively blocked passive attempts to intercept data by spyware devices like CreepyDOL.

Mysk posted a short video that demonstrates how a Mac uses the Wireshark packet analyzer to track traffic on the local network it is connected to. When an iPhone running iOS versions prior to 17.1 connects to this network, it transmits its real MAC address on UDP port 5353.

Most Apple users will not be affected by this vulnerability, but for those who pay special attention to their privacy, this can be a real problem. The company has not yet given detailed comments, but claims that the bug has already been fixed.
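To verify on your own device whether the behaviour described above is present, the following added example (not from the article or from the researchers) inspects captured Ethernet frames, reports whether the link-layer source address is a randomized one, and searches UDP port 5353 payloads for the hardware MAC you supply. The frames and both MAC addresses are constructed sample values, and because the article does not say how the address is encoded in the payload, the check assumes either raw bytes or colon-separated hex text.

```python
import struct

MDNS_PORT = 5353  # UDP port named in the article

def parse_mac(text):
    """'02:aa:bb:cc:dd:ee' -> 6 raw bytes."""
    return bytes(int(octet, 16) for octet in text.split(":"))

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks a locally administered (e.g. randomized) address.
    return bool(mac[0] & 0x02)

def check_frame(frame, hardware_mac):
    """Inspect one Ethernet II / IPv4 frame; return None unless it is UDP port 5353."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + 8:
        return None
    sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
    if MDNS_PORT not in (sport, dport):
        return None
    payload = ip[ihl + 8:ihl + udp_len]
    # Assumption: the payload encoding is unknown, so try raw bytes and hex text.
    as_text = hardware_mac.hex(":").encode()
    leaked = hardware_mac in payload or as_text in payload.lower()
    return {"src_randomized": is_locally_administered(frame[6:12]),
            "leaks_hardware_mac": leaked}

def build_frame(src_mac, payload, port=MDNS_PORT):
    """Build a minimal test frame (checksums left at zero; check_frame ignores them)."""
    udp = struct.pack("!HHHH", port, port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 255, 17, 0,
                     bytes([192, 168, 1, 20]), bytes([224, 0, 0, 251]))
    return parse_mac("01:00:5e:00:00:fb") + src_mac + b"\x08\x00" + ip + udp

# Constructed sample values, not taken from any real device or capture.
HARDWARE = parse_mac("00:11:22:33:44:55")   # stands in for the device's real MAC
PRIVATE = parse_mac("02:aa:bb:cc:dd:ee")    # stands in for the per-network address
LEAKY = build_frame(PRIVATE, b"constructed-payload\x00" + HARDWARE + b"\x00end")
CLEAN = build_frame(PRIVATE, b"constructed-payload\x00no-address-here")

if __name__ == "__main__":
    print("leaky:", check_frame(LEAKY, HARDWARE))
    print("clean:", check_frame(CLEAN, HARDWARE))
```

A frame that reports `src_randomized` as true and `leaks_hardware_mac` as true matches the situation the article describes: the link-layer address is masked, but the real one still appears in the port 5353 traffic.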
 