Privacy-Enhancing Feature Apple Debuted Three Years Ago Never Worked
Fancy Bear has targeted top French orgs since 2021, Operation Triangulation features four modules to steal iOS data, Cloudflare mitigated thousands of hyper-volumetric HTTP DDoS attacks, much more
Security researchers Tommy Mysk and Talal Haj Bakry discovered that a privacy-enhancing feature Apple introduced three years ago to hide the Wi-Fi address of iPhones and iPads when they join a network has never worked.
Despite promises that this never-changing address would be hidden and replaced with a private one unique to each SSID, Apple devices continued to display the real one, which was broadcast to every other connected device on the network. To the casual observer, the feature appeared to work as advertised: the “source” listed in the request was the private Wi-Fi address. On closer inspection, it became clear that the real, permanent MAC address was still broadcast to all other connected devices in a different request field.
On Wednesday, Apple released iOS 17.1. Among the various fixes was a p…