Friday March 16, 2012

Apple Devices Broadcast Recently Seen MAC Addresses

While you bask in the glow of your new Retina display today, here’s a piece discussing how Apple devices broadcast MAC addresses of wireless access points that they’ve recently seen. This is bad because MAC addresses are easily mapped back to physical locations using services like Skyhook or the other databases managed by Google and Microsoft. If you leave your iPhone WiFi antenna on, you’re potentially broadcasting the general geography you’ve been near recently.

The article is frustratingly sparse on details, given its “convenience vs. security” rant. I’m disappointed at this MAC address broadcasting myself, but if we’re going to start discussing security tradeoffs then I’d like to know more about what problem Apple thinks they are solving by broadcasting these addresses.

Is this really about convenience vs. security? Or a lazy security hole that Apple should patch?

UPDATE:

Randy Beiter shot me a plausible reason why devices might want to share MAC addresses. Thanks Randy!

@jonathanpenn I can dream up Bonjour/0 config use cases that suggest AP’s to your other devices but overall it’s a pretty scary/dumb idea.