
iPhone 7 lets your neighbors know if you are home or out - th0mat
https://packetmozart.com/2017/03/29/iphone-7-not-randomizing-mac-addresses-for-wifi-probe-requests/
======
eridius
Clickbait title. There was a story recently that said that _all_ of the
devices had flaws with MAC address randomization. There's literally nothing
special about the iPhone here.

~~~
andreyf
He explains his reasoning at the end.

~~~
eridius
That just looks like a bullshit justification for having a clickbait title.
It's not like this title will make Apple pay any more attention to the issue.
All it does is try to elicit pageviews from other people, while simultaneously
misleading them (because the title implies it's a problem unique to iPhone 7,
and not everybody is going to read the whole article).

~~~
andreyf
Fair. Although I'd presume he was genuinely unaware of the prior art here. A
lot about wifi traffic is not what most people assume.

~~~
eridius
Well, they point out that Android does it too, so clearly they know it's not
unique to iPhone 7.

------
anishathalye
This is known behavior: according to the iOS 10 Security white paper [1], "iOS
uses randomized Media Access Control (MAC) address when conducting Wi-Fi scans
while it isn't associated with a Wi-Fi network... Note that Wi-Fi scans which
happen while trying to connect to a preferred Wi-Fi Network aren't
randomized".

I haven't put much thought into it, but I wonder why they don't randomize all
probe requests...

[1]: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

~~~
agf
I would assume because MAC-based whitelisting is a commonly used WiFi access
control mechanism?

~~~
eridius
Also possibly because, if it is associated with a wifi network, then it's
already sending packets with its MAC address, so there's not much point in
randomizing some of the packets.

------
KayEss
Of course the neighbours could always find this out anyway by watching the
traffic on your channel as there is never any MAC randomisation involved in
talking to a known access point.

~~~
th0mat
Not true. Microsoft figured out how to do that. Google MAC randomization
Windows 10.

~~~
KayEss
They might choose a different MAC for each network, but surely for a given
network they use the same one? Many people use MACs for securing access points
and a continuously changing MAC would break that.

Your neighbour would be using some sort of correlation to work out the MAC
anyway, so all they'll need is that it doesn't change over time for your
access point.

------
randyrand
So does the presence of my automobile.

~~~
andreyf
Your neighbor's wifi scale can't see your car, but it can "see" your wifi
packets.

~~~
c22
> Your neighbor's wifi scale can't see your car[...]

Don't be so sure:
http://people.csail.mit.edu/fadel/wivi/

~~~
andreyf
Yeah, I would only be a little surprised if it turns out to be feasible to
reconstruct 3D shapes to freakish accuracy via wifi signals. Perhaps not
anytime soon, though.

------
elastic_church
This is hilarious, I'm going to do this.

