Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Home
Forums
CARDING & HACKING
Carding News
One of the most important features in the iOS security system has not worked for years
Message
<blockquote data-quote="Plotu" data-source="post: 461" data-attributes="member: 5"><p>Are Apple's promises of enhanced privacy just words?</p><p></p><p>Three years ago, Apple developed a mechanism for its devices that promised to strengthen the privacy of users when connecting to Wi-Fi. However, recent research has shown that this feature has almost never worked properly.</p><p></p><p>A MAC address is a unique device identifier that can potentially be used to track user activity. Since 2013, standard HTTPS encryption has made it almost impossible for other people to monitor traffic on the same network, but a permanent visible MAC address still leaves certain loopholes.</p><p></p><p>In 2020, as part of the iOS 14 update, Apple implemented an algorithm that allegedly masked the real address by generating spoof IDs for each individual Wi-Fi network. Later, the function was improved, providing users with tools for manually configuring and changing substitution codes.</p><p></p><p>Recently, after the release of the iOS 17.1 update, experts discovered a vulnerability in the operating system with the code CVE-2023-42846, which made this mechanism ineffective from the moment of its creation. The problem was reported by researchers Tommy Misk and Talal Haj Bakri.</p><p></p><p>When a device connects to Wi-Fi, it communicates itself to other devices by transmitting its MAC address. In the case of iOS, this address must be fake to ensure complete privacy.</p><p></p><p>While the MAC address hiding feature didn't work properly, it wasn't useless and effectively blocked passive attempts to intercept data by spyware devices like CreepyDOL.</p><p></p><p>Misk posted a short video that demonstrates how a Mac uses the Wireshark packet analyzer to track traffic on the local network it is connected to. When an iPhone running iOS versions prior to 17.1 connects to this network, it transmits its real MAC address on port 5353 / UDP.</p><p></p><p>Most Apple users will not be affected by this vulnerability, but for those who pay special attention to their privacy, this can be a real problem. The company has not yet given detailed comments, but claims that the bug has already been fixed.</p></blockquote><p></p>
[QUOTE="Plotu, post: 461, member: 5"] Are Apple's promises of enhanced privacy just words? Three years ago, Apple developed a mechanism for its devices that promised to strengthen the privacy of users when connecting to Wi-Fi. However, recent research has shown that this feature has almost never worked properly. A MAC address is a unique device identifier that can potentially be used to track user activity. Since 2013, standard HTTPS encryption has made it almost impossible for other people to monitor traffic on the same network, but a permanent visible MAC address still leaves certain loopholes. In 2020, as part of the iOS 14 update, Apple implemented an algorithm that allegedly masked the real address by generating spoof IDs for each individual Wi-Fi network. Later, the function was improved, providing users with tools for manually configuring and changing substitution codes. Recently, after the release of the iOS 17.1 update, experts discovered a vulnerability in the operating system with the code CVE-2023-42846, which made this mechanism ineffective from the moment of its creation. The problem was reported by researchers Tommy Misk and Talal Haj Bakri. When a device connects to Wi-Fi, it communicates itself to other devices by transmitting its MAC address. In the case of iOS, this address must be fake to ensure complete privacy. While the MAC address hiding feature didn't work properly, it wasn't useless and effectively blocked passive attempts to intercept data by spyware devices like CreepyDOL. Misk posted a short video that demonstrates how a Mac uses the Wireshark packet analyzer to track traffic on the local network it is connected to. When an iPhone running iOS versions prior to 17.1 connects to this network, it transmits its real MAC address on port 5353 / UDP. Most Apple users will not be affected by this vulnerability, but for those who pay special attention to their privacy, this can be a real problem. The company has not yet given detailed comments, but claims that the bug has already been fixed. [/QUOTE]
Name
Verification
Post reply
Home
Forums
CARDING & HACKING
Carding News
One of the most important features in the iOS security system has not worked for years
Top