iOS 17.1 fixed privacy hole in the Private Wi-Fi Address function

2023-10-27 17:29:53

As iOS 14a Apple launched the feature Private Wi-Fi Addresswhich consists of masking the MAC addressMedia access controlor media access control.”>1 of devices, displaying another address on each network the user connects to. This code is present on the network cards of devices that have a Wi-Fi connection and, therefore, is unique for each one. It serves to authenticate the device, in addition to being used to track people.

It turns out that, since then, this resource had a serious flaw that basically made it unfeasible, in addition to other problems that it already generated. Although the function’s main purpose was to protect privacy and prevent users from being tracked through their MAC address, the iPhone and other devices continued to display the true address when connecting to Wi-Fi networks, putting the entire purpose at stake. of the resource.

The solution only came this week, with updates released for the systems. Both the iOS 17.1 as the iOS 16.7.2o tvOS 17.1 and the watchOS 10.1 included this fix, having the vulnerable code removed. The vulnerability was discovered by Tommy Musk e Talal Haj Bakryand was cataloged under the code CVE-2023-42846.

Since 2020, in this way, even though the feature prevented access to the address passively, it was not very difficult to find the true MAC address among the data transmitted by the device to others that were also connected to the same Wi-Fi network. The video below shows how the address was, in fact, still exposed, even with the function activated:

As said by the Mysk developers when Ars Technica, there is no way to stop iPhones and other Apple devices from sending AirPlay discovery requests, even when using virtual private networks (VPNs) and in Block Mode. It was also in this way that both the address created by the device and the real one, which had to be masked, were sent.

They claimed to have discovered the breach in July this year, and that they sent their findings to Apple on 7/25. According to the developers, Apple put obstacles in the way of communication because it was unable to replicate the bug until today. October 3when he was notified by the company with a corrected version of the system for testing.

This loophole left users vulnerable, as knowing the MAC address of a device opens up space to track browsing done with it on different networks, even though other internet security measures mitigate the risk. Anyway, with iOS 17.1, the Private Wi-Fi Address feature will finally work. To use the feature, simply go to the information for a Wi-Fi network and activate the option.

1698541609
#iOS #fixed #privacy #hole #Private #WiFi #Address #function

Leave a Replay