MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
address
Search

iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole

Friday October 27, 2023. 05:53 PM , from Mac Central
Macworld

Here’s another reason you should update to iOS 17.1: the Private Address feature actually works now. Introduced in iOS 14, Private Address (also called Private Wi-Fi Address) was supposed to provide users with a way to avoid being tracked while connecting to Wi-Fi networks. But according to Ars Technica, the feature never really worked in the first place because of a security vulnerability. Apple finally fixed it with the latest iOS 17 update.

The issue, documented as CVE-2023-42846 in the Common Vulnerabilities and Exposures database, involved the Private Address feature’s ability to hide an iPhone’s Media Access Control (MAC) address, which is used to define a device’s location on a Wi-Fi network. But, as explained in a Macworld Mac 911 column about Private Address, “If that MAC address doesn’t change over time, the backend of a hotspot portal could build up a profile of you (or your device) using a variety of clues that…only prove trackable when paired with a fixed network ID.”

Security researchers Talal Haj Bakry and Tommy Mysk found a vulnerability in Private Address that had been present since it was introduced in iOS 14 in 2020. With the feature on, iOS would respond to address requests with a private address as the source, which made it seem like the feature worked. However, the researchers found that the real, actual MAC address was provided in a different part of the request-response. “From the get-go, this feature was useless because of this bug,” Mysk said to Ars Technica. Mysk posted a 98-second YouTube video explaining the problem and noting that it is fixed in iOS 17.1.

Ars Technica does state that, “the feature wasn’t useless, because it did prevent passive sniffing,” but it was relatively easy to find the real MAC address and use the information nefariously. Ars also points out that, “the fallout for most iPhone and iPad users is likely to be minimal, if at all.”

The Private Address feature is found in Settings; tap Wi-Fi, then, with any of the Wi-Fi hotspots that appear, tap the “i” icon. If you install iOS 17.1, you can rest assured that it actually works now.

Learn more about iOS 17 in our superguide.

iOS
Read more at Mac Central
https://www.macworld.com/article/2118771/ios-17-1-private-address-security-hole-fix.html
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
May, Thu 9 - 22:19 CEST