iOS 14 MAC randomization privacy feature may cause Cisco enterprise network issues
A new iOS 14 privacy feature could potentially cause problems for enterprise or educational network and device management setups, Cisco warned on Thursday.
Credit: Apple
The privacy feature in question is an option to use a "private," or randomized, media access control (MAC) address when connecting a Wi-Fi network. Generally, devices identify themselves using the same MAC address when connecting to networks, which can allow for tracking by network operators.
But the random MAC address can also break certain network or device management systems. For example, in a notice on Thursday, Cisco warned that its Identity Services Engine could run into problems if a user has the feature enabled because it relies on MAC address lookup.
Mobile device management, or MDM, systems could fail to detect a device running iOS 14 if it's using a randomized MAC address. Employees or students using a Bring Your Own Device system for education or work could also see issues with network security requirements, since those often rely on MAC addresses for authentication.
It isn't just Apple devices that can cause issues. Google in Android 10 also added randomized MAC addresses as a feature, the networking company notes.
Cisco notes that there's currently no large scale solution for these problems that can be deployed by itself or network operators. However, there is an easy solution, by asking a user to disable the feature.
Users can turn off private Wi-Fi addresses by tapping on a network in the Wi-Fi Settings pane and hitting the toggle next to Private Address.
While that could allow for a network operator to track users, it will mitigate potential issues with MDM and "bring your own device" systems at work and school. It's also worth noting that the feature is enabled or disabled on a per-network basis, meaning you can selectively disable it just for work or school networks.
Credit: Apple
The privacy feature in question is an option to use a "private," or randomized, media access control (MAC) address when connecting a Wi-Fi network. Generally, devices identify themselves using the same MAC address when connecting to networks, which can allow for tracking by network operators.
But the random MAC address can also break certain network or device management systems. For example, in a notice on Thursday, Cisco warned that its Identity Services Engine could run into problems if a user has the feature enabled because it relies on MAC address lookup.
Mobile device management, or MDM, systems could fail to detect a device running iOS 14 if it's using a randomized MAC address. Employees or students using a Bring Your Own Device system for education or work could also see issues with network security requirements, since those often rely on MAC addresses for authentication.
It isn't just Apple devices that can cause issues. Google in Android 10 also added randomized MAC addresses as a feature, the networking company notes.
Cisco notes that there's currently no large scale solution for these problems that can be deployed by itself or network operators. However, there is an easy solution, by asking a user to disable the feature.
Users can turn off private Wi-Fi addresses by tapping on a network in the Wi-Fi Settings pane and hitting the toggle next to Private Address.
While that could allow for a network operator to track users, it will mitigate potential issues with MDM and "bring your own device" systems at work and school. It's also worth noting that the feature is enabled or disabled on a per-network basis, meaning you can selectively disable it just for work or school networks.
Comments
Thank goodness I just updated my secondary iPhone to check it out.
I'm an elderly sleeper and have to set my alarm accordingly, both for the night, and in the daytime. Ha! The Alarm hnow has to be set using the Health app. And the Health bases your sleep it on an 8-hour cycle. Changing wake and sleep times is a b***h.
Also, it doesn't like my selection of an IMAP mail server, and keeps trying to steer me to one of its favorites.
I've just turned OFF the automatic updates in both my primary iPhone and iPad.
Am I nuts, or just plainly senile?
If you previously used Apple's Sleep Monitoring (it was labeled as "Bedtime") in the Clock app, it has been moved to the Health app. You can still see your Sleep and Wake alarm at the very top of the Clock app but it takes you to the Sleep section of the Health app whenever you set alarms, make changes, and view data. You are not limited to an 8-hour cycle. You can move the Bedtime and Wake Up sections of the dials independently to set your times. This was the same as in iOS 13. I'm looking at it right now on my main iPhone 11 Pro Max (13.6) and newly updated secondary iPhone X.
That said, setting regular alarms is still done in the Clock app as before. The interface has changed there where you now can use the numerical keypad to set the time OR if you keep your finger pressed on the time and scroll up/down, you can change the time similarly as before.
I'm not entirely sure what problem you're describing regarding IMAP mail server. If you can provide more info, maybe I or someone else can help you.
I've updated my 2018 iPad Pros (11" & 12") and my iPhone X successfully and have not had any issues so far. I have been testing the Public Beta since it became available. I'm waiting a few more days before I update my main iPhone 11 Pro Max.
Th.e usual suspects: gmail, etc.
I use Heller Information Services < his > Paul Heller began y running a Mac bulletin boar, well before the internet coalesced. Google Heller Information Services and you'll see why I use them. They support mail and web pages from individuals, businesses and the federal government,
The feature stops tracking by using a different MAC address on different networks. It doesn't stop tracking on the same network (although Apple has indicated that it could take it to that next level in the future).
In the early iOS/iPadOS 14 betas, it did change per reconnection. But that’s been fixed since mid-beta and also in GM.
Not sure about Cisco platform. For UniFi platform, it’s been tested and working well across iOS/iPadOS 14 and watchOS 7 devices.
It could be that it's just EOL, that would be too bad. But what are the odds for this to happen at the exact time of the iOS upgrade?
Has anyone else seen this, or am I the last one still using this Airport base station?
Today, I'm at a B&B fo 2 days. I signed into the B&B wifi, no problem. Went to dinner, came back to B&B, and iPhone won't connect no matter what I do.
I've tried all the solutions I found on web using my new MacBookPro, (also w/ newest update 10.15.6), which connects, no problem, but nothing fixes the iOS 14 iPhone.
My wife's not-yet-updated iPhone 11 gets onto the B&B WiFi perfectly, both before and AFTER dinner.
So, it's clearly an iOS14 issue.
Any suggestions? (Already tried hard restart; toggle wifi off/on; toggled 'private' on/off; toggled wifi calling assist (I use that at home);
One issue is that, since I can't sign onto the B&B wifi now, I cannot find anywhere in the wifi window to 'forget' that network, which has helped from my many years of wifi troubleshooting.
Help if you can; thanks in advance. BtheB