For many years, iPhones have displayed unique MAC addresses to users on Wi-Fi networks. Apple introduced a feature three years ago that would hide Mac addresses, but the devices showed it anyway. Mac addresses can be used to track users.
The error, which was identified as CVE-2023-42846, It was discovered by security researchers Tommy Miske And Talal Hajj Bakri. They discovered that Apple’s Private Wi-Fi Addresses feature has been showing the real MAC address of iPhones since its release, while the feature is supposed to generate a random address for every Wi-Fi network the iPhone connects to.
When your iPhone connects to a Wi-Fi network, the phone automatically sends a multicast request to find AirPlay devices on that network. This request must also include the mac address. The real, prima facie address is replaced with a randomly generated variable, as intended in Apple’s privacy feature. However, the researchers discovered that the real MAC address was still displayed later in the multicast request, along with the fake address. Mysk explains the vulnerability In a YouTube videoIt uses WireShark to detect the unique MAC address of an iPhone on its network.
Apple introduced the Private Wi-Fi Addresses feature in 2020 as part of iOS 14. This feature aims to hide your iPhone’s mac address. Instead, a random address is generated for each Wi-Fi network your iPhone connects to. Changing the MAC address of each network should prevent network administrators or other observers from tracking or profiling the user. It is Apple’s interpretation.
The vulnerability was shared with Apple at the end of July. Apple has now patched the bug as part of iOS 17.1, which was released last Wednesday.
“Lifelong entrepreneur. Total writer. Internet ninja. Analyst. Friendly music enthusiast.”