New Apple iOS to help fanbois thwart Wi-Fi network spies

Apple says it will tweak the networking stack in its forthcoming iOS 8 smartphone OS that'll put an additional stumbling block in front of advertisers, marketers, and other snoops looking to collect information about you from your mobile devices. The iPhone maker announced the change during its annual Worldwide Developers …

COMMENTS

This topic is closed for new posts.
  1. DryBones

    Alternative Title

    Apple Makes War*ing Easier Than Ever

    Seriously, help me out here. I'm struggling to see how this is more than security theater when the things actually being talked about are MitM attacks and other such untrustworthy network access points, when one is in public. OMG, someone might sniff my MAC address from the wifi that I leave on all the time as it hunts around for access points. 9 out of 10 access points that someone would care about broadcast their SSID, so what they should be doing is passive listening (multiple wardriving programs have shown this to be quite effective) and then directly connecting to the one that they're interested in.

    1. Wzrd1 Silver badge

      Re: Alternative Title

      It's security theater.

      That said, I'd be a bit interested to see the scheme. It could eventually proliferate where a MAC collision would occur.

      1. Stoneshop
        Boffin

        Re: Alternative Title

        It could eventually proliferate where a MAC collision would occur.

        Hardly. The scrambled MAC address needs to be locally unique only, so over a range of, say, 100m. And there are ranges for locally-administered MAC addresses, so if they stick to that there's no chance the chosen address will collide with one the iDevice can't see, but the access point can, like its upstream port or that of its upstream switch or router. Those are 3-byte ranges, so even if every device within those 100m (let's say, 1000, at a gathering of iDevice users) would be using one of those addresses, and every address is chosen at random, you do have an address collision probability of

        1-(16,777,216!/((16,777,216-1000)!*16,777,216^1000)).

        You need to fill about 1% of the address space to have a non-trivially small probability of collision.
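The expression in the comment above, evaluated numerically, as an added example that is not part of the original thread and not Apple's implementation. It assumes, as the comment does, that scan addresses are drawn uniformly from one 3-byte locally-administered range; the prefix `02:00:00`, the function names and the seed are constructed for illustration.

```python
import math
import random

LOCAL_BIT = 0x02   # U/L bit in the first octet: set = locally administered
GROUP_BIT = 0x01   # I/G bit in the first octet: set = multicast/group
SPACE = 2 ** 24    # 16,777,216 addresses under one 3-byte prefix


def is_locally_administered(mac: str) -> bool:
    """True when the first octet has the locally-administered bit set."""
    return bool(int(mac.split(":")[0], 16) & LOCAL_BIT)


def random_scan_mac(prefix: bytes, rng: random.Random) -> str:
    """Fixed 3-byte local prefix plus 3 random bytes (assumed scheme)."""
    if len(prefix) != 3 or not prefix[0] & LOCAL_BIT or prefix[0] & GROUP_BIT:
        raise ValueError("prefix must be 3 bytes, locally administered, unicast")
    tail = rng.getrandbits(24).to_bytes(3, "big")
    return ":".join(f"{b:02x}" for b in prefix + tail)


def collision_probability(devices: int, space: int = SPACE) -> float:
    """1 - space! / ((space - devices)! * space**devices).

    The factorial ratio equals the product of (1 - k/space) for k < devices;
    summing log1p terms avoids the huge factorials and keeps precision.
    """
    if devices > space:
        return 1.0  # pigeonhole: more devices than addresses
    log_unique = sum(math.log1p(-k / space) for k in range(devices))
    return -math.expm1(log_unique)


def devices_for_probability(target: float, space: int = SPACE) -> int:
    """Smallest device count whose collision probability reaches target."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    log_unique, threshold = 0.0, math.log1p(-target)
    for n in range(1, space + 1):
        log_unique += math.log1p(-(n - 1) / space)  # account for the n-th device
        if log_unique <= threshold:
            return n
    return space + 1


def simulate(devices: int, trials: int, rng: random.Random) -> float:
    """Fraction of trials in which at least two devices drew the same tail."""
    hits = 0
    for _ in range(trials):
        tails = {rng.getrandbits(24) for _ in range(devices)}
        hits += len(tails) < devices
    return hits / trials


if __name__ == "__main__":
    rng = random.Random(2014)            # fixed seed so the run is repeatable
    prefix = bytes([0x02, 0x00, 0x00])   # constructed prefix, not Apple's
    print("sample scan MAC:    ", random_scan_mac(prefix, rng))
    print(f"exact, 1000 devices: {collision_probability(1000):.4f}")
    print(f"simulated:           {simulate(1000, 2000, rng):.4f}")
    print(f"devices for 50%:     {devices_for_probability(0.5)}")
```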

        1. David Walker

          Re: Alternative Title

          1-(16,777,216!/((16,777,216-1000)!*16,777,216^1000)).

          Awesome! Great post! And makes perfect sense - the number of clients per access point is very limited relative to the address space available - both physically in terms of distance and also router capacity.

          1. Anonymous Coward

            Re: Alternative Title

            "That said, I'd be a bit interested to see the scheme. It could eventually proliferate where a MAC collision would occur."

            To add to that, they can't collide after connection as the fake MAC is only used to scan for networks, granted you could get a collision during scanning, but the chances are so slim and even if there is a collision it isn't a big issue as presumably the next scan will use another MAC address. The real MAC is used upon connecting to the network.

            1. DerekCurrie
              Angel

              When MAC Address Collision Is A Good Thing & Just Turn iBeacon OFF

              Having a barrage of MAC Address collisions within this scenario would actually be a brilliant bit of berserking of the trackers. It reminds me, of course, of V For Vendetta with everyone wearing Guy Fawkes masks en masse. The same person showing up downtown, uptown and in various other countries at the same time would be jolly good fun.

              As for iBeacon:

              "It may be that Apple just wants developers to code for its own, Bluetooth-based iBeacon tech, which is already being used to track customers in some Apple and Macy's stores."

              Just Turn iBeacon Off. Apple let you do that.

          2. Stoneshop

            @David Walker

            It's the general case of the Birthday Paradox.

        2. Anonymous Coward

          Re: Alternative Title

          >And there are ranges for locally-administered MAC addresses, <

          Interesting, so why does Apple not use the software defined MAC address for the wifi connection as well as the scanning?

          1. Anonymous Custard

            Re: Alternative Title @ J J Carter

            Interesting, so why does Apple not use the software defined MAC address for the wifi connection as well as the scanning?

            As an additional security measure, routers can be set up to filter MAC addresses and only allow known and approved ones to connect. It's how I have my one at home set up (in addition to the normal encryption and passwords etc), as an additional layer of mischief prevention.

            So if I had a device which gave a random MAC every time it tried to connect, then basically either the above would need to be turned off, or more likely it'd swiftly get the boot.

      2. David Walker

        Re: Alternative Title

        This to me is the technical element that is interesting. Do these random MACs get generated and reused to poll a number of networks and expire, or does each router get broadcast a random MAC (this doesn't get around the problem but does influence the probability of occurrence - already calculated by another commenter). Even if it's a low probability it is still possible. ARPish-like spoofing has occurred in the past and so MAC conflicts aren't new - sometimes even planned. OSI RFCs don't really cover this issue but to speculate: if random MACs are generated and cached without being used (for a short time) the device could listen to see if there is a MAC already being broadcast matching any of the random values (doesn't prove that it isn't in use but reduces the probability) and then send a MAC that wasn't already detected. The client could also send a packet with a random MAC that forces a response from a potential other client using that MAC (assuming that device is not just listening). I'm keen to see what Apple is doing - not paying $100 to be an iOS developer to access it early though.

      3. JeffyPoooh

        "...a MAC collision..."

        I hope that the authorities take note. We don't want any police SWAT teams descending on Johnny B. Good because his iPhone 6 randomly chose the same MAC Address as Most-Wanted Osmon bin Terrorist.

    2. David Walker

      Re: Alternative Title

      Blah. Blah. Apple sucks blah. Theater blah. Oh maybe let's try having comments that meaningfully add to an article for once. Firstly, I'm not sure if Apple's framework is robust and don't really care since the idea and software will evolve. I think it is fair to argue that the future of social engineering (for ads, for exploits - whatever) is mining metadata and as such any static identifier is potentially bad news. MAC addresses have an essential engineering function in the OSI model but in personal mobile devices can function as a beacon, add this to GPS (or triangulation) data and you have a linked position. Throw these in to a spatial database and you can develop and do some very serious data mining - which actually happens to be my day job. The extent to which we can spy even now with commercially collected information is very scary. I'm not convinced the Googles of the World (or Apples) are really trustworthy. I applaud any attempt to anonymize these data but also think we should be looking at metadata in a very comprehensive way (other OSI layers, userland) etc. any place where our electronic devices leave 'residue'. I'm not suggesting I've added much to the debate but the "Windoze sucks", "Apple sucks", "you suck" trolling in the comments sections really - well - sucks.

    3. Anonymous Coward

      MAC collisions are not an issue

      I'm pretty sure it would be against RFCs to choose "random" MACs for scanning that are assigned as permanent MACs to other devices. Luckily there's a simple way around this - dedicate one of the OUIs assigned to Apple for scanning. We have 65,536x as many MAC addresses as IP addresses, so using one for this purpose wouldn't be a big deal, even if everyone else did the same.

      Perhaps there already is a "public" OUI which could be used for this type of thing, similar to the 10.x.x.x and 192.168.x.x blocks for private IP addressing.

      1. Roland6 Silver badge

        Re: MAC collisions are not an issue

        RFCs (and IP) have practically nothing to do with it. This is wholly within the IEEE 802 domain - from memory can't see how this contravenes any of the 802 Standards, albeit it is using the software address capabilities of 802 MAC in a way not originally envisaged.

      2. Stoneshop

        Re: MAC collisions are not an issue

        Perhaps there already is a "public" OUI

        There is. AA:00:04 is one such range, but IIRC all addresses that start AA: are locally-administered.

    4. Anonymous Coward

      Re: Alternative Title

      I dislike Apple a lot, but this is a great feature. All we need now is for Android to add it.

    5. Anonymous Coward

      Re: Alternative Title

      I'm struggling to see how this is more than security theater

      That's maybe because you're only looking at this from an attack angle. By randomising the MAC address it reduces traceability and increases your network anonymity (it screws up assigning activity logging to a certain ID). Ironically, iOS has an advertiser ID hidden in the settings too, so I guess that's what they'll use instead (but you can kill that or reset it - naturally it defaults to "on").

  2. Anonymous Coward

    Nice, but ...

    It would be even nicer if the random MAC was also used for making a connection. Any practical reason why that couldn't be so?

    1. adnim

      Re: Nice, but ...

      "It would be even nicer if the random MAC was also used for making a connection. Any practical reason why that couldn't be so?"

      Services that see your MAC address as a positive identification of an allowed device and tie that MAC address to a known user. Used in conjunction with a user name password combination this would add a further layer of security..... ACL on a service gateway for instance.

    2. deive

      Re: Nice, but ...

      As an Android owner, I have to say I like this feature!

      It should be used for connected WIFI points also - no reason it can't remember which MAC was used for each, and reuse that one whenever it reconnects (probably - I can't say I know the WIFI protocol at that level...)

      1. Anonymous Coward

        Re: Nice, but ...

        Unfortunately, doing this would break roaming, because two APs couldn't hand off the connection when they each know you by a different MAC.

        1. Anonymous Coward

          @adnim, @DougS - Re: Nice, but ...

          Ok, two good reasons why not.

          I doubt that either would matter in the general case of public wifi (eg in a pub), so maybe a user-selectable option (defaulted to 'off')?

          1. Roland6 Silver badge

            Re: @adnim, @DougS - Nice, but ...

            Well very few services actually use a device's MAC address, however, there is no real reason why a device couldn't use a different MAC address for each WiFi network SSID it attaches to, other than it would complicate the client's driver and network connection manager. Where credentials are linked to a MAC address (eg. network with MAC address filtering) then you simply use a pre-assigned MAC address for that network.

            But agree, given that the majority of public hotspots are effectively a single AP, roaming is generally not going to be an issue, but as you indicate a simple user selectable on/off option could be useful as could the option to use a different MAC address on different visits.

      2. Anonymous Coward

        "As an Android owner, I have to say I like this feature!"

        Not so fast. The Apple coder drones have programmed it with tens of thousands of MAC addresses that are also ASCII strings saying rude things about Android.

    3. Anonymous Coward

      Re: Nice, but ...

      "It would be even nicer if the random MAC was also used for making a connection. Any practical reason why that couldn't be so?"

      IP6?

  3. BleedinObvious

    Apple copying again! - Android's Pry-Fi

    Android has had an excellent app by Chainfire for this for some time called Pry-Fi (free & pro).

    Disclaimer, no way attached to Chainfire, just an admirer of his utils.

    Hope Apple don't posthumously patent

    1. Roland6 Silver badge

      Re: Apple copying again! - Android's Pry-Fi

      Fundamentally, what this is largely about is the insecure way the WiFi service has been implemented on various devices. There is no real reason why a device should be transmitting anything when it should only be passively listening...

      But that isn't to say that utilities like Pry-Fi don't contain some very useful camouflage.

    2. chr0m4t1c

      Re: Apple copying again! - Android's Pry-Fi

      It's almost impossible to tell, Chainfire seems to have announced Pry-Fi at the end of January, which would theoretically allow Apple sufficient time to add the functionality to iOS8 in time for launch roughly four months later.

      However, iOS8 will have been in development for well over a year before the recent launch and we have no way of finding out if they had already included the functionality.

      In addition to that, Apple started adding anti-tracking options (for advertising) as far back as iOS6.

      Given that public wi-fi probably wasn't being used to track movement until last year, there would not have been any need for this solution and all we may be seeing is two separate entities trying to resolve the same problem and coming up with the same idea - not a great stretch of the imagination once you know how the tracking is taking place and the way the protocol is operating.

      TBH, Pry-Fi requires a device to be rooted in order to function, I'd much rather that Google (and MS for that matter) "copied" this idea too so that it's part of the OS and then we'd all be better off.

  4. Anonymous Coward

    iKnow its all about iAd.

    Ve haf vays of monopolising all iAds.

    iBeacon iAds income R US

  5. sabroni Silver badge

    So if your router is filtering by mac address

    will it not allow a previously registered iDevice to connect once upgraded?

    (Yes, I know the mac address is spoofable, no I don't use this as my sole means of securing my wifi.)

    1. Irongut

      Re: So if your router is filtering by mac address

      That was my question too. Unfortunately not enough detail in the article and I wouldn't be surprised if Apple had forgotten about that standard security feature found on all routers.

    2. chris 17 Silver badge
      Happy

      Re: So if your router is filtering by mac address

      the idevice will only use a fake MAC address when scanning. It will use its real address when connecting and using the network.

  6. Alan Denman

    it is all about the Spam

    Reading it I can really see why.

    Rather than a random number, these numbers pre-determine iDevices.

    Of course a pre-determined number in future will be for that increasing iAd iSpam.

    I'd suggest you turn off bluetooth and Wifi while you can.

    Likely any on/off user control you currently have is just short term. Greed matters with Apple.

  7. Anonymous Coward

    iBeacon

    As mentioned, Apple are pushing iBeacon so in reality this story should be "Apple make it impossible for the cheap incumbent way of tracking users around a set location while promoting their own way of doing it which is more intrusive"

    1. Byz

      Re: iBeacon

      iBeacons don't track you it is the app on the phone that sees the iBeacons. All iBeacons are is low power bluetooth transmitters that transmit an id and you program your app to see certain ids.

      So if the app is tracking you de-install it, you have control.

      Whereas with MAC address scanning it is done without your knowledge, thus you have no control.

      1. Anonymous Coward

        Re: iBeacon

        "iBeacons don't track you it is the app on the phone that sees the iBeacons"

        iBeacons use BluetoothLE, you can create a unique ID for that device or use the Bluetooth MAC if available. You can track any Bluetooth LE device - Apple even have an API for it. It might not be the intention, yet, for a simple iBeacon you buy for $5 but it is an open standard that would be easy to track users using beacons.

        However, if you rely on the app then every app will include this statistical data being sent back to the HQ and as Apple have a service to run this that is separate from the actual installed app (it's built into the OS) then there is nothing to stop the data being sent to Apple to process and then passed to the relevant beacon installer for a small fee, even without an app installed. All you need is Bluetooth to be on.

        1. Byz

          Re: iBeacon

          Well I've written a couple of apps that use iBeacons, so unless you make your phone an iBeacon or carry one around with you you can't be tracked by them.

          Next the phone can only pretend to be one beacon at a time so if you have two apps trying to set up the phone as their own iBeacon with different ids then you will get a clash between the apps.

          In your scenario you are saying that Apple will monitor which beacons you go by (however you need to know what iBeacon ids you're looking for) and send the data back, well in theory yes this could be possible, however in practice most iBeacons run on batteries which don't last as long as most producers claim and there are not many mains powered iBeacons on the market (though you could build one with a Raspberry Pi as per the Reg article http://www.theregister.co.uk/2013/11/29/feature_diy_apple_ibeacons/), so it would be a hell of a lot of maintenance for very little gain.

          To be honest you may as well just use GPS and if you're that worried it might be worth investigating buying one of these http://zapatopi.net/afdb/ ;)

    2. DerekCurrie

      Re: iBeacon <--Just Turn It OFF

      As I pointed out in another reply: Just turn iBeacon off. Apple let you do that.

  8. Anonymous Coward

    Deja Vu

    Sounds like the Android app Pry-Fi available in the Play Store.

    Don't go shopping without it.

  9. Anonymous Coward

    Nobody other than Apple is allowed to track you

    in other words....

    1. Dave 126 Silver badge

      Re: Nobody other than Apple is allowed to track you

      Apple simply have less of an incentive to track you than Google. Google makes its money selling advertisements, Apple make theirs by charging the customer upfront for hardware and services.

      Safari on OSX similarly has features to thwart trackers, by pretending that you have visited hundreds of websites that you haven't.

      No company is saintly.

  10. Dieter Haussmann

    We use wifi poll tracking to improve the service in our university, so this is a double-edged sword.

    We collect unique visitor numbers to different areas, percent of repeat visitors, dwell time etc... and can plan maintenance, increase/reduce services etc... to suit. I believe shopping centres and department stores do something similar.

    1. TRT Silver badge

      Another genuine use of unattached WiFi snooping... Universities, yes. You can't pay for pollsters to stand around clicking thumb counters all day like London Underground currently do.

  11. TRT Silver badge

    There are already...

    a number of WiFi management packages which collate unattached MACs and produce metrics for footfall on a daily, weekly, monthly basis. It lets businesses track footfalls around, say, a large department store, find out who comes in regularly, how long they stay, where they go.

    It's snooping all right, but it's useful for some businesses, and I think this is just making a mountain out of a molehill. It's not inconveniencing the customer or pushing advertising onto them. OK, it might be used by law enforcement to track someone, but we're talking Enemy of the State fantasy here, and you can do it by Cellular ID anyway.

    What would be far more useful for Apple's "security theatre" is a way of enforcing rigorously at iOS level a requirement to use VPN depending on WiFi protection status, building an easy VPN configuration system into their routers for home use which can push a working VPN configuration payload onto a client iPhone (or Android or other client) forcing them to VPN back to the home network when using public WiFi, or some other way of ensuring that public WiFi is genuine and not a spoofed access point slurping your unencrypted email passwords absolutely unknown to the user.

    This is just privacy window dressing which will push up battery consumption needlessly and lull punters into false sense of security and privacy.

    1. chris 17 Silver badge
      Big Brother

      Re: There are already...

      Why do I need a VPN back to my home router to access an SSL protected site?

      tracking mac addresses gives you the following info

      vendor and likely model of handset

      age of handset

      this info can start to influence how you market to those people like on how much disposable cash they may have, or how much people with certain handsets like to browse, how certain users like to use comparison sites instore whilst shopping. Also, live tracking linked to cctv could aid in the hunt for shoplifters trying to hide from security, or if they frequently revisit stores on reconnaissance, or if they simply return to stores once banned.

      The more you think about what the tracking can reveal about you the more worrying it is.

      1. TRT Silver badge

        Re: There are already...

        Why VPN back to your home router over an unencrypted public WiFi channel? Because you might not be connecting to an SSL site, because there may be a flaw in the SSL encryption, because there still might be a MITM exploit... That's like asking why shouldn't I do my telephone banking on the train. As I said, Apple's current VPN payload kit is complex, requires considerable knowledge about the workings of Apple Device Management, and is woeful in enforcing VPNs at a systemwide level - in fact it doesn't. If it doesn't establish a VPN connection in something like 15 seconds, it falls back to the standard configuration, so all your usual Apple supplied and can't be removed Apps pass through the open air unencrypted. Tackling that would be far more useful than some James Bond's number plate style obfuscation of hardware identity.

        If there's no relationship with the person with the handset, what's your beef? As soon as you log in to that WiFi point, you establish a relationship using your real MAC address anyway. They can't suddenly beam an advert to your WiFi card if you have not established a relationship with them. Collecting customer metrics based on the make, model and age of their handset is no more intrusive than employing someone to stand by the door and make ticks on a clipboard for everyone who comes in the door with a Gucci handbag or who's wearing Raybans.

        Live tracking with CCTV to catch shoplifters, they do anyway.

        I don't understand what your problem is with this.

    2. Roland6 Silver badge

      Re: There are already...

      > building an easy VPN configuration system into their routers for home use

      ??? No need far simpler to provide it as a standard part of the iCloud service offering.

  12. Anonymous Coward

    Turn up the noise!

    Thumbs up for anything that increases the noise in the snoopers data sets.

    Whilst providing the expected level of "no your bum doesn't look big in that", I've taken to turning wi-fi on and off as I'm manoeuvred around shopping centres. I like to imagine someone somewhere mining the data with a WTF?! look.. How did he get from there to there without going through there!?

    Equally I do the same with telephone marketing.

    "My home? Yes it's valued at 3million"

    "One bedroom no bathroom, 12 people live here"

    "Salary? £100 a year"

    Maybe one day the people that pay for the surveys will start to question why the data is so crap.
