17 September 2020 22:33
Cisco has warned that an iOS 14 privacy feature can break some network setups used by corporations, schools, colleges, and retail chains. The potential problems result from the fact that iPhones and iPads on the latest OS default to using a random MAC address when connecting to Wi-Fi networks … Apple introduced the feature as a privacy protection, primarily against retailers who use MAC addresses to track customers who connect to their Wi-Fi networks. Using a random MAC address breaks that – which most of us would consider to be a good thing – but it can also break device-management systems used in companies and educational establishments. Cisco explained the problem, which also applies to the same feature in Android 10. The company says it can break Cisco Identity Services Engine (ISE) services because ISE uses MAC address lookup.
This can impact two key systems used by many organizations. The first is Mobile Device Management (MDM) systems, which are used when deploying devices owned by the organization to employees or students. MDM ensures that all devices have the same configuration, apps, security policies, and so on. Devices can be automatically updated to the latest configuration when they connect to the network, but random MAC addresses mean that they may no longer be recognized.
The same problem applies to Bring Your Own Device (BYOD) systems, where employees and students are allowed to use their own devices to connect to organizational networks, provided that the devices comply with certain security requirements.
The MAC address of the client at the time of BYOD onboarding is embedded in the certificate that is returned to the client. Due to this, a dual-SSID flow using MAC-in-SAN or BYOD_is_Registered condition will fail as the MAC address between the onboarding SSID and the secured SSID is different. This is also true for single-SSID flows for devices that are upgraded from a previous version of iOS to iOS 14 (single-SSID flows for devices upgraded to Android 10 are unaffected) as the MAC address randomization is enabled by default on all SSIDs on the device.
Worse, Cisco says there is no easy solution to this beyond asking users to switch off the feature on their devices.
There is currently no large scale solution for the issues introduced by third-party MAC address randomization, only workarounds are available […] For Profiling and MDM services, end users can be instructed to disable MAC address randomization on the device before obtaining intended network access. In order to do so, users can be redirected to a modified hotspot page that provides instructions to disable MAC address randomization when the device uses a random MAC address to connect to the network. Once MAC address randomization is disabled, the user can connect normally.
If your company or school asks you to switch off this iOS 14 privacy feature, it's likely to avoid these issues.
iOS 14 is out, and if you're brave enough to install it you will be getting some new security and privacy features. Some are visible, others are buried in the operating system.
Let's go on a quick tour of five new settings and features you need to know about.
Camera and microphone access
Every time an app accesses your camera or microphone, a dot appears above the signal strength meter: a green dot when the camera is accessed (similar to the green LED that lights up on Macs when the camera is on), and an orange dot for microphone access. Also, if you access Control Center, there's a notice at the top showing you recent apps that have accessed the camera or microphone.
Copy/paste notification
When data is copied and pasted, a notification is shown on screen in the form of a popup. This is a simple yet effective way to know if apps are snooping on your clipboard. This is automatic: there's no user input required and no way to turn it off.
Don't let apps get your precise location
Now you have the option to allow apps access to your general location, but not your precise location. It's nice to have the choice to use location data without giving a pinpoint location. To access this setting, go to Settings > Privacy > Location Services and then check the settings for the apps that have access to your location.
Apps requesting local network access
Another thing that you'll see after installing iOS 14/iPadOS 14 is apps requesting local network access. Some apps need this (they may be used to control Bluetooth or Wi-Fi gadgets), but why other apps need it is somewhat hazy. You get the choice. And if you change your mind, you can head over to Settings > Privacy > Local Network and change the setting.
Put a stop to Wi-Fi tracking
iOS 14/iPadOS 14 can supply a random "private" MAC address when you join or reconnect to a Wi-Fi network. This can help prevent you being tracked when using network connections. This feature is on by default, and you can find it by going to Settings > Wi-Fi and then clicking on the "i" in a circle next to the network.
Note that while this works fine on most networks, it can cause issues. For example, some smart networks are designed to send out a notification when a new device connects. It can also mess with parental controls or corporate/enterprise networks where permissions are assigned based on MAC address (it is not recommended to use MAC address for authentication, but it happens). If you have problems on certain Wi-Fi networks, you may have to turn this feature off.
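An added example, not taken from either article or from Cisco: one way a network operator could recognise a device that is connecting with a private-style MAC address, or whose MAC no longer matches the one recorded at BYOD onboarding, so that the user can be shown the instructions described above. The function names, the outcome labels and the sample addresses are assumptions made up for this sketch, and the check is a heuristic based on the standard "locally administered" bit of the address.

```python
import re

def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff; return 6 bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def looks_randomized(text):
    """Heuristic: unicast address with the locally administered bit set.

    In the first octet, bit 0x01 marks multicast and bit 0x02 marks a locally
    administered address. Private Wi-Fi addresses are unicast and locally
    administered, so their second hex digit is 2, 6, A or E. Other software
    (virtual machines, for example) can use such addresses too.
    """
    return (parse_mac(text)[0] & 0x03) == 0x02

def access_decision(connecting_mac, cert_mac=None):
    """Hypothetical policy outcomes for a device joining the secured SSID."""
    if cert_mac is not None and parse_mac(cert_mac) != parse_mac(connecting_mac):
        # The MAC recorded in the certificate at onboarding is not the one seen now.
        return "mac-mismatch"
    if looks_randomized(connecting_mac):
        # Candidate for the page explaining how to turn the private address off.
        return "show-instructions"
    return "continue"

# Constructed sample data: (MAC seen on the network, MAC stored at onboarding).
SAMPLES = [
    ("3C:22:FB:10:20:30", "3c22.fb10.2030"),     # same hardware address, two notations
    ("DA:A1:19:00:11:22", "3C:22:FB:10:20:30"),  # private address after onboarding
    ("F2-5C-89-AA-BB-CC", None),                 # private address, never onboarded
]

def summarize(samples=SAMPLES):
    """Map each connecting MAC in the sample data to its decision."""
    return {mac: access_decision(mac, cert) for mac, cert in samples}

if __name__ == "__main__":
    for mac, decision in summarize().items():
        print(f"{mac}  ->  {decision}")
```
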