Re: [STDS-802-Privacy] iOS8 uses randomized MAC addresses when scanning
My tests were done on iPhone 4s and iPad min v1 where there seems to be no MAC randomisation active.
Piers
On 24 Sep 2014, at 16:28, Mathieu Cunche wrote:
> Hi all,
>
> According to this post, MAC randomization is not enabled on all Apple
> devices:
>
> http://blog.airtightnetworks.com/ios8-mac-randomization-analyzed/
>
> Two interesting points:
> - The randomized MAC is a locally administered MAC.
> - The randomized MAC address used in the Probe Request changes every
> time the phone is activated and subsequently put to sleep mode.
> Meaning that every new sleep cycle uses a new randomized MAC.
>
> Mathieu
>
> On 09/19/2014 05:52 PM, Piers O'Hanlon wrote:
>> Hi,
>>
>> I first tested using the ios8 gold master which should be the same as the released version. I've now tested with the actual ios8 release and I am still not seeing any randomised MACs.
>>
>> Piers
>>
>>
>>
>>> On 19 Sep 2014, at 16:02, Zuniga, Juan Carlos <JuanCarlos.Zuniga@xxxxxxxxxxxxxxxx> wrote:
>>>
>>> Hi Carlos,
>>>
>>> We had some discussions about this feature. Seems like only the Probe REQ message is being randomised (the announcement should say Active Scanning btw, as passive scanning does not transmit anything but only listens to AP beacons).
>>>
>>> Piers reported to the list that his tests did not show a change in MAC, although I believe this was with a beta version tested before the official iOS8 was announced. It would be worth verifying again.
>>>
>>> Cheers,
>>>
>>> Juan Carlos
>>>
>>>
>>>
>>> Sent with Good (www.good.com)
>>>
>>> ________________________________
>>> From: Carlos Jesús Bernardos Cano
>>> Sent: Friday, September 19, 2014 9:59:03 AM
>>> To: STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx
>>> Subject: [STDS-802-Privacy] iOS8 uses randomized MAC addresses when scanning
>>>
>>> Hi,
>>>
>>> Not sure if this has been already discussed in the list (apologies if
>>> that was the case). I found out today that iOS8 uses randomized MAC
>>> addresses when scanning [1].
>>>
>>> "Randomized Wi-Fi addresses
>>> When you’re out running errands with your phone in your pocket, Wi-Fi
>>> hotspots have the ability to track your movements and behavior by
>>> scanning your Wi-Fi MAC address. A MAC address is a string of characters
>>> that uniquely identifies your device on a network. With iOS 8, we’ve
>>> introduced an innovative feature designed to protect your privacy by
>>> randomizing your device’s MAC address when the device is passively
>>> scanning for Wi-Fi networks. Because your MAC address now changes when
>>> you’re not connected to a network, it can’t be used to persistently
>>> track you. This is in line with Apple’s industry-leading effort to do
>>> away with persistent identifiers, and is unique to iOS devices."
>>>
>>> [1] https://www.apple.com/privacy/privacy-built-in/
>>>
>>> Do you know if other OSs are also doing this?
>>>
>>> Thanks,
>>>
>>> Carlos
>