
False security: iPhone MAC addresses do not remain secret (although Apple promised it)

Florian Bodoky
27.10.2023
Translation: machine translated

Three years ago, Apple launched a software update designed to hide the MAC address in networks. The idea was to prevent iPhones from being tracked so easily. Now it turns out that the feature never worked.

Security researchers have discovered that Apple advertised a security feature for years that never really worked. In 2020, the tech company launched iOS 14, which included a function designed to improve privacy on networks: the MAC address of the device was not supposed to be disclosed to the network.

Instead, the iPhone generates a "private" Wi-Fi address that is different for every SSID, i.e. for every Wi-Fi network. This is called "spoofing". It is meant to prevent the MAC address from being sent to other clients on the network and misused.

What is a MAC address and why does Apple want to keep it secret?

MAC address stands for "Media Access Control address". It is used to identify your device on a network, or more precisely the network adapter of your device. A MAC address is static, so it never changes. It can also be uniquely assigned to a specific device.

In theory, this would allow other users to attribute data traffic on the network to your device, or to find out certain other data such as the manufacturer of your device.
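To check which kind of address a device actually presents, the following added example (not from the original article) parses MAC addresses, tests the "locally administered" bit that private, randomized addresses set in their first octet, and flags hardware addresses or addresses reused across SSIDs. The function names and the observation list are assumptions, and the sample data is constructed.

```python
import re

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def parse_mac(text):
    """Return the 6 raw bytes of 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff'."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))

def is_locally_administered(mac):
    """Bit 0x02 of the first octet is set on private (randomized) addresses."""
    return bool(mac[0] & 0x02)

def oui(mac):
    """First three octets; on a hardware address they identify the manufacturer."""
    return mac[:3].hex(":").upper()

def audit(observations):
    """observations: iterable of (ssid, mac_text). Returns a list of findings."""
    findings, seen = [], {}
    for ssid, mac_text in observations:
        mac = parse_mac(mac_text)
        seen.setdefault(mac, set()).add(ssid)
        if not is_locally_administered(mac):
            findings.append((ssid, mac.hex(":"),
                             f"hardware address exposed, vendor prefix {oui(mac)}"))
    # A private address should differ per SSID, so reuse is a finding too.
    for mac, ssids in seen.items():
        if len(ssids) > 1:
            findings.append((",".join(sorted(ssids)), mac.hex(":"),
                             "same address reused across networks"))
    return findings

# Constructed sample: (SSID, source address the device used on that network).
SAMPLE = [
    ("home-net", "3a:5f:1c:22:90:01"),
    ("cafe-guest", "d6:10:ab:44:7e:02"),
    ("office", "00:11:22:33:44:55"),
    ("hotel", "3A-5F-1C-22-90-01"),
]

if __name__ == "__main__":
    for where, mac, issue in audit(SAMPLE):
        print(f"{where:16} {mac}  {issue}")
```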

Why didn't the feature work?

The security experts Tommy Mysk and Talal Haj Bakry discovered a vulnerability a few days ago. It was assigned the identifier "CVE-2023-42846" and enables passive tracking of the MAC address. This in turn means that the function Apple delivered with iOS 14 in 2020 was there, but did not work to the desired extent: iOS continued to send the MAC address to the network for three years, although it should no longer have been doing so.

On Wednesday, Apple rolled out iOS version 17.1. The update log states, among other things, that the update contains "a patch for the CVE-2023-42846 vulnerability". To date, Apple has not said why this vulnerability remained unrecognised for so long, or why it was not widely communicated.

Tip: If you have an iPhone XR or newer, you should update iOS as soon as possible - although owners of older iPhones should of course also check the update menu regularly.
