Subscribe to our Telegram channel!
Hackers have been tracking iPhone users for more than three years through a Wi-Fi vulnerability
Apple has introduced the function of hiding the MAC addresses of Wi-Fi modules in the company’s devices. The goal is to increase the anonymity of users. However, according to a report published on the technology portal Ars Technica, this feature has not been working correctly for three years.
The MAC address hiding feature was introduced in the iOS 8 update in 2014 to provide additional anonymity for users on Wi-Fi networks. A MAC address is a unique identifier associated with a device’s hardware that can be used by third parties to track a user’s movements. According to Apple, replacing the MAC address with random values for each Wi-Fi network was supposed to help solve this problem.
However, as it turned out, the feature hasn’t worked properly since the release of the iOS 14 update in 2020. the iPhones were indeed transmitting a random Wi-Fi MAC address to the access point. Security researchers have published a short video showing a Mac using the Wireshark packet sniffer program to monitor traffic on the local network to which it is connected. When an iPhone running iOS prior to version 17.1 connects to the network, it transmits its real Wi-Fi MAC address on port 5353/UDP.
The bug in the MAC hiding feature was discovered by independent researchers who reported it to Apple. «From the very beginning, the feature was useless because of this bug. We couldn’t stop devices from sending these discovery requests, even with a VPN. Even in Lockdown Mode,» said one of the researchers.Last Wednesday, Apple released iOS 17.1. Among the various fixes, it was noted that the vulnerability CVE-2023−42 846 was fixed — it prevented the privacy feature from working with spoofed MAC addresses. The company did not explain why such an elementary bug went unnoticed for so long. The message released by the company only says that the fix works by «removing the vulnerable code.»