iPhone’s Wi-Fi privacy-enhancing feature didn’t work for 3 years

Apple released iOS 14 in 2020, which included a feature that hid Wi-Fi MAC address when devices iPhones connected to a network, but unbeknownst to many, the feature never worked as intended.

The Cupertino-based tech company released iOS 17.1 on Wednesday, 26 October 2023, and with the update, Apple addressed a vulnerability, tracked as CVE-2023-42846, which prevented the feature from working.

iOS devices were meant to hide and replace the device’s actual MAC address. However, Apple devices have continued to display the real one, which could be pulled by any other device connected to the network.

The danger is that while iPhone users believed their MAC address was hidden, they could be tracked from network to network.

While HTTPS-encrypted communications have become the standard, reducing people’s ability to view others’ traffic on the network, a permanent MAC address makes it possible to track devices.

Ars Technica spoke to Tommy Mysk, one of the security researchers credited with discovering and reporting the CVE-2023-42846 vulnerability.

“From the get-go, this feature was useless because of this bug,” said Mysk.

“We couldn’t stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode.”

However, the report also nnoted that the feature did protect against passive sniffing attacks such as CreepyDOL — a distributed network of Wi-Fi sensors that can track people moving around neighbourhoods and cities.

Now read: Google flagged Samsung apps as spyware

Latest news

Partner Content

Show comments


Share this article
iPhone’s Wi-Fi privacy-enhancing feature didn’t work for 3 years