Help

IOS8 to Randomize MAC addresses

hansonr55
New Contributor

Posted on ‎06-10-2014 01:51 PM

http://www.washingtonpost.com/blogs/the-switch/wp/2014/06/09/how-apples-new-software-makes-it-harder-for-retailers-to-track-your-movements/

What kind of issues will this cause for MDM solutions?

0 Kudos
5 REPLIES 5

bbelew
Contributor

Posted on ‎06-10-2014 02:04 PM

Doubt it will cause issues for MDM's since they use serial number. My guess is the mac address would just update during each inventory, any saved searches based on mac would be pointless at that point.

Now from a networking stand point - using a mac address to assign IP or Wifi Access will be null and void.. Nor will we be able to force suspicious devices into super blocked group to try to identify the user. I do that with our Aruba Wireless currently - I force a device that is doing something suspicious or viewing something inappropriate to a jail vlan and use our content filter to block pretty much everything and force the user to sign in with their LDAP credentials to view the web - which shows me who they are.

0 Kudos

chriscollins
Valued Contributor

Posted on ‎06-10-2014 02:07 PM

I think it only randomizes the MAC address while its actually searching for a wireless network to connect to in the background (like stores with wireless hot spots in them). once you choose to connect to a wireless network I think it sends your real MAC address.

0 Kudos

ItsMe_Sean
Contributor

Posted on ‎06-10-2014 05:21 PM

I think what Chris has said would be correct, seeing as MAC addresses are hard coded to a specific piece of network hardware. The only way I can see this working is by continually masking the MAC address the network can see.

Hopefully there is going to be an MDM option to disable this for enterprise environments, as I could see this causing issues if people use MAC addresses from iOS devices to assign specific DHCP addresses.

0 Kudos

freddie_cox
Contributor III

Posted on ‎06-10-2014 05:51 PM

So the slide was specific in saying this was only for "probe request" and "probe response"

These are only used in discovering new base stations/SSID's and responding with the base stations capabilities and frame rates. It sounds like the authentication and negotiation will be with the actual MAC address.

I still want/need to test this in our environment since we do use MAC address filtering but I don't see it having an affect on MDM providers since they use the device UUID and certificate authentication to communicate with the device.

WLAN Packet Descriptions: http://www.wildpackets.com/resources/compendium/wireless_lan/wlan_packet_types

0 Kudos

bbelew
Contributor

Posted on ‎06-11-2014 05:53 AM

It doesn't seem like the goal of preventing tracking would be very beneficial if the random mac was just for the "handshake" between client and AP. If it actually showed the real mac address after the handshake, the software they use to track would just need to wait a bit to get the real one.

0 Kudos