iPhone 7 lets your neighbors know if you are home or out
packetmozart.comClickbait title. There was a story recently that said that all of the devices had flaws with MAC address randomization. There's literally nothing special about the iPhone here.
He explains his reasoning at the end.
That just looks like a bullshit justification for having a clickbait title. It's not like this title will make Apple pay any more attention to the issue. All it does is try to elicit pageviews from other people, while simultaneously misleading them (because the title implies it's a problem unique to iPhone 7, and not everybody is going to read the whole article).
Fair. Although I'd presume he was genuinely unaware of the prior art here. A lot about wifi traffic is not what most people assume.
Well, they point out that Android does it too, so clearly they know it's not unique to iPhone 7.
This is known behavior: according to the iOS 10 Security white paper [1], "iOS uses randomized Media Access Control (MAC) address when conducting Wi-Fi scans while it isn't associated with a Wi-Fi network... Note that Wi-Fi scans which happen while trying to connect to a preferred Wi-Fi Network aren't randomized".
I haven't put much thought into it, but I wonder why they don't randomize all probe requests...
[1]: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
I would assume because MAC-based whitelisting is a commonly used WiFi access control mechanism?
Also possibly because, if it is associated with a wifi network, then it's already sending packets with its MAC address, so there's not much point in randomizing some of the packets.
In addition to those who whitelist based on MAC address, some networks also assign "static IPs" via DHCP based on the MAC address.
Of course the neighbours could always find this out anyway by watching the traffic on your channel as there is never any MAC randomisation involved in talking to a known access point.
Of course the neighbors could always find this out anyway by watching the driveway.
What would MAC randomization do? Let them think someone's broken into your house?
Not true. Microsoft figured out how to do that. Google mac randomization Windows 10.
They might choose a different MAC for each network, but surely for a given network they use the same one? Many people use MACs for securing access points and a continuously changing MAC would break that.
Your neighbour would be using some sort of correlation to work out the MAC anyway, so all they'll need is that it doesn't change over time for your access point.
so does the presence of my automobile.
Your neighbor's wifi scale can't see your car, but it can "see" your wifi packets.
> Your neighbor's wifi scale can't see your car[...]
Don't be so sure: http://people.csail.mit.edu/fadel/wivi/
Yeah, I would only be a little surprised if it turns out to be feasible to reconstruct 3D shapes to freakish accuracy via wifi signals. Perhaps not anytime soon, though.
this is hilarious, I'm going to do this