Overview
On 16 September 2020 Apple released iOS 14, the latest iteration of their mobile Operating System for iPhone, iPad and Watch. A major change in this release, the "private Wi-Fi address" feature, can cause connectivity issues with Enterprise Wi-Fi systems.
All networked smart devices have a unique identifier called a MAC address, which looks something like this:
AA:BB:CC:00:11:22
Until now, these have typically been fixed, or static, meaning they do not change and are unique for each device. Many Enterprise wireless network security implementations use the MAC address to help secure the network by preventing access from unautorised devices, and reducing the risk of credential theft. One criticism of this approach is that a static MAC address makes it possible to track a device across various networks that it may use leading to privacy concerns.
iOS14 private Wi-Fi addresses randomise this identifier, presenting a different MAC address to each and every wireless access point it connects to, each of which is refreshed every 24 hours. This is intended to improve privacy, however it can cause problems with wireless networks, including Dot11, that rely on the MAC address to identify authorised devices.
More information from Apple:
You can read more about these changes in iOS 14 here at the following URL:
Apple Support Page: Use private Wi-Fi addresses in iOS 14, iPadOS 14, and watchOS 7
Disable Private Wi-Fi Address for Dot11
The Apple website advises "for better privacy, leave the setting on for all networks that support it", which tells us that they are aware that a significant number of networks will not support it.
Here at Excell, we agree that Private Wi-Fi Addresses are an excellent way of ensuring your privacy when you are using a public network such as in a coffee shop or airport. Those benefits are outweighed, however, by the reduction in functionality for a highly secure, enterprise-class private network such as Dot11. The feature should be disabled to enjoy the best Dot11 experience, securely.
Client MAC addresses are used only by Excell for the security and successful delivery of network services to customers. This information will never be shared or sold to third parties, and all data is subject to strict provisions as laid out in our privacy policy and related data policies.
The instructions from the Apple website for disabling this feature on a specific network have been copied and pasted below.
Turn private address off or on for a network
You can stop or resume using a private address with any network. For better privacy, leave the setting on for all networks that support it.
iPhone, iPad, or iPod touch
- Open the Settings app, then tap Wi-Fi.
- Tap the information button
next to Dot11 in your network list.
- Tap Private Address. If your device joined the network without using a private address, a privacy warning explains why.
Apple Watch
- Open the Settings app, then tap Wi-Fi.
- Tap the name of the network you joined (Dot11). If you haven't joined the network yet, swipe left on its name and tap more
.
- Tap Private Address.
Source: https://support.apple.com/en-us/HT211227
If you have any problems with this process please don't hesitate to raise a ticket.
Comments
0 comments
Please sign in to leave a comment.