Security News > 2023 > October > Apple Private Wi-Fi hasn't worked for the past three years

Apple Private Wi-Fi hasn't worked for the past three years
2023-10-27 22:30

Three years after Apple introduced a menu setting called Private Wi-Fi Address, a way to spoof network identifiers called MAC addresses, the privacy protection may finally work as advertised, thanks to a software fix.

"To communicate with a Wi-Fi network, a device must identify itself to the network using a unique network address called a Media Access Control address," Apple explains in its documentation.

"If the device always uses the same Wi-Fi MAC address across all networks, network operators and other network observers can more easily relate that address to the device's network activity and location over time. This allows a kind of user tracking or profiling, and it applies to all devices on all Wi-Fi networks."

Private Wi-Fi Address aims to avoid such tracking by generating a different MAC address for each different Wi-Fi network.

The duo explain that Apple's software replaces the device's actual MAC address in the data link layer with a generated MAC address.

Until Apple repaired its code, the software also passed the real MAC address with the decoy in AirPlay discovery requests, even when connected to a VPN. Bakry and Mysk determined this by using the Wireshark network protocol analyzer, which revealed that the real MAC address was being sent in the Option Data: field, concatenated with the generated MAC address, as shown in this video.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/27/apple_private_wifi_fixed/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349