Security flaws smash worthless privacy protection

Analysis To protect mobile devices from being tracked as they move through Wi-Fi-rich environments, there's a technique known as MAC address randomization. This replaces the number that uniquely identifies a device's wireless hardware with randomly generated values.

In theory, this prevents scumbags from tracking devices from network to network, and by extension the individuals using them, because the devices in question call out to these nearby networks using different hardware identifiers.


It's a real issue because stores can buy Wi-Fi equipment that logs smartphones' MAC addresses, so that shoppers are recognized by their handheld when they next walk in, or walk into affiliate shop with the same creepy system present. This could be used to alert assistants, or to follow people from department to department, store to store, and then sell that data to marketers and ad companies.

Public wireless hotspots can do the same. Transport for London in the UK, for instance, used these techniques to study Tube passengers.

Regularly changing a device's MAC address is supposed to defeat this tracking.

But it turns out to be completely worthless, due to a combination of implementation flaws and vulnerabilities. That and the fact that MAC address randomization is not enabled on the majority of Android phones.


In a paper published on Wednesday, US Naval Academy researchers report that they were able to "track 100 per cent of devices using randomization, regardless of manufacturer, by exploiting a previously unknown flaw in the way existing wireless chipsets handle low-level control frames."

Beyond this one vulnerability, an active RTS (Request to Send) attack, the researchers also identify several alternative deanonymization techniques that work against certain types of devices.

Cellular radio hardware has its own set of security and privacy issues; these are not considered in the Naval Academy study, which focuses on Android and iOS devices.

Each 802.11 network interface in a mobile phone has a 48-bit MAC address layer-2 hardware identifier, one that's supposed to be persistent and globally unique.

Hardware makers can register with the Institute of Electrical and Electronics Engineers (IEEE) to buy a block of MAC addresses for their networking products: the manufacturer is assigned a three-byte Organizationally Unique Identifier, or OUI, with is combined with an additional three-byte identifier that can be set to any value. Put those six bytes together, and you've got a 48-bit MAC address that should be globally unique for each device.

The IEEE's registration system makes it easy to identify the maker of a particular piece of network hardware. The IEEE also provides the ability to purchase a private OUI that's not associated with a company name, but according to the researchers "this additional privacy feature is not currently used by any major manufacturers that we are aware of."

Alternatively, the IEEE offers a Company Identifier, or CID, which is another three-byte prefix that can be combined with three additional bytes to form 48-bit MAC addresses. CID addresses can be used in situations where global uniqueness is not required. These CID numbers tend to be used for MAC address randomization and are usually transmitted when a device unassociated with a specific access point broadcasts 802.11 probe requests, the paper explains.

The researchers focused on devices unassociated with a network access point – as might happen when walking down the street through various Wi-Fi networks – rather than those associated and authenticated with a specific access point, where the privacy concerns differ and unique global MAC addresses come into play.


Previous security research has shown that flaws in the Wi-Fi Protected Setup (WPS) protocol can be used to reverse engineer a device's globally unique MAC address through a technique called Universally Unique IDentifier-Enrollee (UUID-E) reversal. The US Naval Academy study builds upon that work by focusing on randomized MAC address implementations.


The researchers found that "the overwhelming majority of Android devices are not implementing the available randomization capabilities built into the Android OS," which makes such Android devices trivial to track. It's not clear why this is the case, but the researchers speculate that 802.11 chipset and firmware incompatibilities might be part of it.

Samsung v Apple

Surprisingly, Samsung devices, which accounted for 23 per cent of the researcher's Android data set, show no evidence of implementing MAC address randomization.

Apple, meanwhile, introduced MAC address randomization in iOS 8, only to break it in iOS 10. While the researchers were evaluating devices last year, Apple launched iOS 10 and changed its network probe broadcasts to include a distinct Information Element (IE), data added to Wi-Fi management frames to extend the Wi-Fi protocol.

"Inexplicably the addition of an Apple vendor-specific IE was added to all transmitted probe requests," the paper explains. "This made identification of iOS 10 Apple devices trivial regardless of the use of MAC address randomization."

This shortcoming aside, Apple handles randomization correctly, in the sense that it properly randomizes the full 48-bits available for MAC addresses (with the exception of the Universal/Local bit, set to distinguish between global MAC addresses and the local ones used for randomization, and the Unicast/Multicast Bit).

The researchers find this interesting because the IEEE charges a fee for using the first three bytes of that space for CID prefixes, "meaning that Apple is freely making use of address space that other companies have paid for."

In a phone interview with The Register, Travis Mayberry, assistant professor at the US Naval Academy and one of the paper's co-authors, expressed surprise that something like 70 per cent of Android phones tested did not implement MAC address randomization.

"It's strange that Android was so vulnerable," he said. "It's just really bad at doing what it was supposed to do."

'Closest to being pretty good'

Apple, meanwhile, fared better in terms of effort, though not results. "Apple is the closest to being pretty good," Mayberry said, but noted that Apple devices, despite the advantage of hardware consistency, are still vulnerable to an RTS (Request to Send) attack. Sending RTS frames to an Apple phone forces the device to reveal its global unique MAC address, rather than the randomized one normally presented to the hotspot.


"No matter how hard you try, you can't defend against that because it's a property of the wireless chip itself," said Mayberry.

There was single Android phone that fared well. "The one Android phone that was resistant to our passive attacks was the CAT S60 which is some kind of 'tough' phone used on construction sites and the like," Mayberry explained in an email. "It did not have a recognizable fingerprint and did not ever transmit its global MAC except when associating. It was still vulnerable to our active RTS attack though, since like I said, that is a problem with the actual chips and effects every phone."

Mayberry was at a loss to explain why Apple shot itself in the foot by adding a trackable identifier to a system that previously worked well.

"I initially thought it might be to support some of the 'continuity' features where multiple apple devices can discover and exchange stuff like open browser tabs and clipboard contents but that came out in earlier versions of iOS," he said. "It also might be linked to the HomeKit features that they added in iOS to control IoT devices. Basically it would have to be to purposefully identify and discover other Apple devices that are not associated, otherwise we wouldn't see it in probe requests. All of this is pure speculation though and we really don't have a strong reason for it."

Mayberry said he hoped the research would help the industry understand the consequences of everyone doing things differently. There's no generally accepted way to handle MAC address randomization. "There are so many phones not using it," he said. "There should be a standard." ®

Source: This article was published on theregister.co.uk

Categorized in Internet Privacy

Everything you need to know to tweak additional battery life from your Mac, iPhone, or iPad.

If you want to tweak the most battery life you can from your iPhone, iPad or MacBook (Pro) you’ll want to review these tips, some can squeeze a little more time from limited charge, but others you need to use early for best results.

iPhone, iPad, iOS battery life tips

Here are some of the best tips to squeeze extra power from an iOS device (iPhone, iPad, iPod touch).

Up to date

Make sure your iOS is kept up-to-date to ensure your device is utilizing Apple’s latest battery life preserving tweaks.


Battery usage

Get to know your battery. Open Settings>Battery and wait for your Battery Usage data to load. You’ll be able to see which apps use the most power and switch them off.

Reduce Brightness

Open Settings>Display & Brightness and disable Auto-Brightness. You should also reduce the brightness of your device using the slider here (or in Control Center).


You will save some power by setting your device to lock in the shortest available time, which is 30-seconds. You achieve this in Settings>Display & Brightness>Auto-Lock.


Use AirPlane Mode to control connectivity

If you don’t need to use Bluetooth, Cellular, or Wi-Fi, then you should swipe up from the bottom of the display to raise Control Center and then tap the Airplane Mode button to on.  If you need to use Bluetooth or Wi-Fi you can always enable them using their settings in Control Center, as even limiting cellular connection will save a little more power. If you are in a location with poor cellular coverage you’ll save significant power by disabling the cellular radio in your device – this is because it constantly seeks a strong connection, using battery power as it does. You can enable and disable Bluetooth and Wi-Fi manually inside Control Center if you need to keep cellular coverage. Wi-Fi uses less power than cellular, Apple claims.

Switch off AirDrop

You can disable AirDrop manually in Control Center. Just swipe up to get to Control Center, tap the AirDrop item, and set it to ‘Receiving Off’. This saves a good amount of energy as it works by scanning for nearby devices when it is active. That’s also why Apple disables it in Low Power Mode (see below).


Switch it down

You’ll also want to switch down the volume on your device and turn off Vibrate on Ring and Vibrate on Silent to further trim power need. You can also switch off Background App Refresh in Settings>General, though this is done automatically for you in Low Power Mode, which may be better if you’re likely to forget to switch this one again.

Reduce Motion and other stories

Apple’s parallax and other visual effects can be disabled to save a little energy. Once again, Apple’s Low Power Mode will do this, but here’s how to do it yourself:

Settings>General>Accessibility, and switch on Reduce Motion.

You can also try switching off Spotlight settings in General>Spotlight Search where you can define which sites and apps it uses to search.

Notifications control

Do you have apps set to share Notifications that you don’t read or don’t use? You probably do. Open Settings>Notifications to find an extensive list of all the apps capable of sharing notifications through your device. Tap on the ones you aren’t interested in and selecting None to prevent receiving items from that app, or switch off Allow Notifications from that app to disable it completely.

Don’t push that Mail

When you want to maximize battery life you will want to disable Push email, as this requires plenty of power. To do so in Settings>Mail>Contacts &Calendars choose Fetch New Data and turn Push to Off. You can now choose to check for emails at certain intervals, or switch it to Manually for best control (and best power saving). Once again, this is what Low Power Mode does for you.

Silence Siri

Open Settings>Siri and switch it off. You’ll miss it, but doing so may help conserve a little more power.

Location Services

In Settings>Privacy>Location Services toggle these to off. You will no longer be able to use all your apps and services, but you will also stop your device trying to figure out where it is. Alternatively disable location services for those apps you won’t need to use.

Browser control

Every Safari website has its own scripts, ads and ‘other stuff’. These don’t take up too much power, but the combined demand mounts up. If you want to extend battery life it makes sense to close any browser window you don’t need to use. You don’t need to quit Safari (the apps themselves make little difference when conserving power), but it is worth quitting some websites.

Ditch Facebook

I continue to believe you will save significant power by deleting the Facebook and Messenger apps from your device. You can always check the site and your messages using Safari.  

Automatic Downloads

You’ll want to open Settings>iTunes & App Store and switch Automatic Downloads off.

Other things to avoid

It may sound a little obvious, but avoiding media playback, games and camera usage will all help you squeeze a little more use out of your device.

The very best tip: Low Power Mode

The most useful power saving measure you’ll find is only available on iOS devices and is called Low Power Mode.

It works like this: When your battery level falls to 20 percent your smartphone will warn you about it and let you enter the power-saving mode with one tap. When in this mode, display brightness will be reduced, Mail and other apps will not download content in the background, and features like iCloud Sync and AirDrop will be disabled. Device performance and system animations are also optimized.

You can still make calls, access the ‘net and uses messages and email in this mode, but you’ll find your battery life lasts a whole lot longer. You can also enable this mode before your power runs down.

Why Apple hasn’t built a similarly effective tool for Mac users to use to tweak battery life out of their systems eludes me.

Mac battery life tips

At time of writing, Apple’s mobile Macs include the MacBook, MacBook Air and MacBook Pro. Here are some of the ways in which you can get more usable time from your battery. Read this article for effective advice on understanding and maintaining battery condition.

The basic tricks

Always keep your Mac software up-to-date using Software Update. Apple routinely applies enhancements to your system performance, often enabling better battery life when it does.

You should also get to know System Preferences>Energy Saver. This offers several settings that can help reduce power demand:

The ‘turn display off after’ slider helps you save power by reducing the amount of time your display remains active when not in use. To maximize usable time and reduce power demands you should also tick 'Put hard disks to sleep when possible', and 'Slightly dim the display while on battery power'.

Cut demand

You can also reduce power draw by disabling any system features you don’t need to use.

You can dim your screen; turn off Bluetooth; turn off Wi-Fi and Mute sound. You will also save a little more power by disconnecting any peripheral devices. If you are using a Mac with an optical drive, make sure to eject a disk you may have inside.


When you are using the apps you like to use most often and you are connected to power (ie. Not when you are trying to reduce power draw), launch Activity Monitor and take a look at the CPU and Energy readings. You will probably find Safari, Mail, and any imaging or video editing apps have consumed the most power. Another thing you can do is tap on the Battery Power indicator in Menu. When you do you will be shown a list of apps that are using significant quantities of power. You will certainly want to quit any power-hungry apps (if possible) when you want to maximize battery life. You should also quit any app you don’t need to use at the time, and also avoid power-hungry Websites such as most social networks and video sharing sites. Following these steps significantly reduces power draw.

Browser tips

Every website you have open in Safari probably consumes some system resources. This is why you should close any web pages or browser windows you don’t need when trying to tweak battery performance.

Another useful tip: In Safari Preferences>Advanced enable the Stop plug-ins to save power setting.

Activity Monitor

Launch Activity Monitor and select CPU>All Processes. If you find any app, website, or process that is taking c.70 percent of power you’ll want to disable it. To do so, select the item in the list and then tap the X button top left. This quits the app/process. (You’d be surprised how some poorly-built websites also suck power from your Mac, get to know which ones they are and avoid them when you need more battery time).

Invert colors

You may get a little more battery life if you can work with in this mode. The first step is to open System Preferences>Desktop & Screen Saver>Desktop>Solid Colors and choose the white tile. Next you select System Preferences>Accessibility and tick Invert colors. You’ll end up with a low power demand but very black display.

More Accessibility

There are some other settings you may want to change in the Accessibility pane. I find the all-dark Mac hard to work with, so I sometimes tick the ‘Use grayscale’ item to switch to an all gray Mac. You should also reduce power demand by ticking the ‘Reduce Motion’ and ‘Reduce Transparency’ items here.

Turn it off

There are some application settings you can disable to save a little more power:

If you use a Mac with an illuminated keyboard you may want to turn down the brightness or switch this feature off. Open System Preferences>Keyboard and uncheck ‘Adjust keyboard brightness in low light’.

Limit the apps that can check for Notifications in System Preferences>Notifications. (Or switch on Do Not Disturb to disable them completely).

Stop Mail from automatically checking for new messages in Mail Preferences>General, where you should switch Check for New Messages to ‘Manually’.

Some Mac users also disable their Spotlight preferences by dragging their Mac disk across to the Privacy pane in Spotlight System Preferences.

Feature request

Surely Apple can create a single power saving pane that lets Mac users change all these settings from one place? It could call it Low Power Mode…

What have I missed?

Have I missed a power-saving tip you use yourself? Or do you have other ideas to reduce power demand on Apple devices? Let me know through the social media feeds below.

Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?

Got a story?Drop me a line via Twitter. I'd like it if you chose to follow me there so I can let you know when fresh items are published here first on Computerworld.

Source: This article was published on computerworld.com

Categorized in How to


Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media