Posted on 06-10-2014 01:51 PM
http://www.washingtonpost.com/blogs/the-switch/wp/2014/06/09/how-apples-new-software-makes-it-harder-for-retailers-to-track-your-movements/
What kind of issues will this cause for MDM solutions?
Posted on 06-10-2014 02:04 PM
Doubt it will cause issues for MDMs since they use serial number. My guess is the MAC address would just update during each inventory; any saved searches based on MAC would be pointless at that point.
Now from a networking standpoint - using a MAC address to assign IP or Wi-Fi access will be null and void. Nor will we be able to force suspicious devices into a super blocked group to try to identify the user. I do that with our Aruba Wireless currently - I force a device that is doing something suspicious or viewing something inappropriate to a jail VLAN and use our content filter to block pretty much everything and force the user to sign in with their LDAP credentials to view the web - which shows me who they are.
Posted on 06-10-2014 02:07 PM
I think it only randomizes the MAC address while it's actually searching for a wireless network to connect to in the background (like stores with wireless hot spots in them). Once you choose to connect to a wireless network I think it sends your real MAC address.
Posted on 06-10-2014 05:21 PM
I think what Chris has said would be correct, seeing as MAC addresses are hard-coded to a specific piece of network hardware. The only way I can see this working is by continually masking the MAC address the network can see.
Hopefully there is going to be an MDM option to disable this for enterprise environments, as I could see this causing issues if people use MAC addresses from iOS devices to assign specific DHCP addresses.
Posted on 06-10-2014 05:51 PM
So the slide was specific in saying this was only for "probe request" and "probe response".
These are only used in discovering new base stations/SSIDs and responding with the base station's capabilities and frame rates. It sounds like the authentication and negotiation will be with the actual MAC address.
I still want/need to test this in our environment since we do use MAC address filtering, but I don't see it having an effect on MDM providers since they use the device UUID and certificate authentication to communicate with the device.
WLAN Packet Descriptions: http://www.wildpackets.com/resources/compendium/wireless_lan/wlan_packet_types
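To check the reading of the slide in the post above against a capture, an added example (not part of the original thread) that parses 802.11 management headers and reports, per source MAC, which frame kinds it sent and whether it was seen only in discovery frames. The frames, the addresses and the use of the locally administered bit as a marker of a randomized address are assumptions of this example, not statements from the thread.

```python
# Constructed sample data only; addresses use the IANA documentation range.
SUBTYPES = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 11: "auth"}
DISCOVERY = {"probe-req", "probe-resp"}

def parse_mgmt(frame: bytes):
    """Return (subtype_name, source_mac) for a management frame, else None."""
    if len(frame) < 24:                      # fixed 802.11 MAC header is 24 bytes
        return None
    fc0 = frame[0]                           # low byte of Frame Control
    version, ftype, subtype = fc0 & 0x03, (fc0 >> 2) & 0x03, fc0 >> 4
    if version != 0 or ftype != 0:           # type 0 = management
        return None
    return SUBTYPES.get(subtype, f"mgmt-{subtype}"), frame[10:16]  # Address 2

def is_locally_administered(mac: bytes) -> bool:
    """Unicast address with the U/L bit set (assumed marker of a random MAC)."""
    return bool(mac[0] & 0x02) and not mac[0] & 0x01

def summarize(frames):
    """Per source MAC: kinds seen, local bit, and whether it ever left discovery."""
    seen = {}
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        kind, src = parsed
        mac = ":".join(f"{b:02x}" for b in src)
        entry = seen.setdefault(
            mac, {"kinds": set(), "local": is_locally_administered(src)})
        entry["kinds"].add(kind)
    for entry in seen.values():
        entry["discovery_only"] = entry["kinds"] <= DISCOVERY
    return seen

def make_frame(subtype: int, src: str, dst: str = "ff:ff:ff:ff:ff:ff") -> bytes:
    """Build a constructed 24-byte management header (no body, no FCS)."""
    a1, a2 = (bytes.fromhex(m.replace(":", "")) for m in (dst, src))
    return bytes([subtype << 4, 0]) + b"\x00\x00" + a1 + a2 + a1 + b"\x00\x00"

AP = "00:00:5e:00:53:ff"                             # constructed AP address
SAMPLE = [
    make_frame(4, "02:aa:bb:cc:dd:ee"),              # scan, random source
    make_frame(11, "00:00:5e:00:53:01", AP),         # auth, hardware MAC
    make_frame(0, "00:00:5e:00:53:01", AP),          # association request
]

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE).items():
        print(mac, sorted(info["kinds"]), info["local"], info["discovery_only"])
```

Fed headers from a real capture, a MAC filter or DHCP reservation is only at risk if a locally administered address turns up in `auth` or `assoc-req` frames rather than in discovery frames alone.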
Posted on 06-11-2014 05:53 AM
It doesn't seem like the goal of preventing tracking would be very beneficial if the random MAC was just for the "handshake" between client and AP. If it actually showed the real MAC address after the handshake, the software they use to track would just need to wait a bit to get the real one.