How to manage or disable MAC randomization in iOS and iPadOS 14


Apple's latest feature enhances network security, but it could cause disruptions when users join wireless networks from iOS devices. Here's how to work around them.


Apple released iOS 14 and iPadOS 14, the newest versions of its mobile operating systems, in September. While the rollout has been largely trouble-free for users and enterprises deploying the latest update, there has been a particular hiccup affecting the way devices connect to wireless networks that has been causing some kerfuffle in organizations.


The problem comes from MAC randomization, or the Private Address feature, which enhances a device's security while on a wireless network by masking its MAC address with a modified one to protect the privacy of the device and the user, and their whereabouts, while accessing the internet on the network to which they're connected.

The purpose of this feature is to protect users from being tracked while on public hotspots. And while the feature works as designed, it also has the added downside of limiting or altogether preventing access to certain wireless networks or network services, depending on the network or service's configuration. This has been causing headaches for networks relying on the true MAC address of the device to provide access to networks and services.

Fortunately, the feature doesn't affect all wireless network vendors or all network implementations. Plus, the way the feature is incorporated into iOS and iPadOS makes it relatively easy to correct or disable, either by the users themselves or through Mobile Device Management (MDM) if the device is enrolled and configured appropriately. Below, we dive into how to determine whether MAC randomization is enabled, which services are more commonly affected, and how to work around it to re-establish access to networks and services.

One MAC per SSID that changes often

Part of the MAC randomization or private address spec requires that a new MAC address be generated, at random, for each SSID (wireless network) a device connects to. Also, this private address must be unique for each network, so if you connect to Wi-Fi at home, work, and the local coffee shop, a new private address will be generated for each of the different networks accessed. Every 24 hours a new private address will be regenerated, adding another layer of security and complexity.


Note: Apple has yet to provide clarity on the 24-hour regeneration timeframe. Some vendors have noted this to be the case while others have not. Despite this, Apple has said that the additional step of randomizing MAC addresses will be a complementary setting to this feature in the future.

Determining if MAC randomization is enabled

Determining the private address used on a device locally is as easy as going to Settings, Wi-Fi, then tapping on the connected wireless network's name to view the configuration. If the Private Address setting is enabled, the Wi-Fi Address setting beneath it will display the private address being used.

Determining the private address used on devices remotely will be a bit more difficult. If the device is being managed with an MDM, accessing the record of the device in question and looking up the MAC address should reveal the most recently updated device information. If the MAC address displayed matches one of the formats below, the device likely has a private address enabled.
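As an added example (not part of the original article): a private address is a locally administered unicast MAC, meaning bit 0x02 of the first octet is set and bit 0x01 is clear, so its second hex digit is 2, 6, A or E. The script below applies that check to an inventory export; the device names and addresses are constructed, and a locally administered address can also come from virtualization software or a manual override, so treat a match as likely rather than certain.

```python
import re

# Constructed sample rows, shaped like an MDM inventory export (hypothetical names).
INVENTORY = [
    ("ipad-lab-01", "F0:18:98:3A:5C:10"),    # vendor-assigned (universal) address
    ("iphone-jdoe", "3a:7f:12:9b:c4:e1"),    # second hex digit 'a'
    ("iphone-guest", "C6-11-22-33-44-55"),   # second hex digit '6', hyphen notation
    ("ipad-kiosk", "a2b4.c6d8.e0f2"),        # second hex digit '2', dotted notation
    ("bad-record", "not-a-mac"),
]


def parse_mac(text):
    """Return the 6 address bytes, accepting ':', '-' or '.' separators; None if invalid."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    return bytes.fromhex(digits)


def classify(text):
    """Classify a MAC string as 'private', 'universal', 'multicast' or 'invalid'."""
    mac = parse_mac(text)
    if mac is None:
        return "invalid"
    first = mac[0]
    if first & 0x01:   # I/G bit set: group address, never a station's own address
        return "multicast"
    if first & 0x02:   # U/L bit set: locally administered, second digit 2, 6, A or E
        return "private"
    return "universal"


def private_devices(rows):
    """Names of devices whose recorded MAC looks like a private (randomized) address."""
    return [name for name, mac in rows if classify(mac) == "private"]


if __name__ == "__main__":
    for name, mac in INVENTORY:
        print(f"{name:14} {mac:20} {classify(mac)}")
```
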


Common services affected by using a private address

Let me stress that enabling MAC randomization doesn't inherently mean the following services will be affected, nor that the list is exhaustive. To what degree private addresses affect access to networks or services will come down to how the network or service is configured and how the wireless equipment vendor handles MAC randomization.


The IP address leasing service may not be able to assign an address to your device using a spoofed MAC address. Some devices seem to time out when requesting an IP address, which prevents them from accessing the network or its resources. In other cases, when the DHCP server has bound an IP address to the true MAC address, such as for a device that connected to that network before updating to iOS 14, the device is assigned the same IP that was previously bound to the true MAC address when it reconnects using the private address, causing duplicate IP address issues in the DHCP database.


MAC filtering

MAC filtering works by granting only a specified set of devices access to network resources, internet access, or both. If you use some type of MAC filtering based on the true MAC address of a device, then when a device with the private address feature enabled connects, the MAC address it uses to communicate with the network will be different, and the device will likely be blocked from accessing the network or its resources.

Mobile Device Management

Similar to MAC filtering above, some MDM vendors assign unique numbers to identify a device's record in the database; others use the serial number or the MAC address. Since the private address is different from the true MAC address, this may lead to these devices not updating their status to the MDM server, or worse, not communicating any data, including configuration profiles and app deployment, leaving the device not only inaccessible but also unable to obtain the latest security settings, configuration, and apps required.


Connected to network but no network access

Another common behavior affecting wireless systems from several different vendors is that devices will connect to wireless networks and may even obtain a valid IP on the network's subnet but will fail to transmit/receive any data. This is especially true if the device saved connectivity profiles from before updating to iOS 14.

Turn off the private address feature

While there are some potential solutions to mitigate the effects of MAC randomization on your networks, many of these solutions are site-specific, depending almost entirely on how your particular network is set up.


For a more user-centric solution to resolving this issue locally, users can simply go to Settings, Wi-Fi, then tap on the wireless network they're trying to connect to, and toggle Private Address off. Do note that the private address feature is one that works per-network, so if there are 20 different saved networks on the device, the user will need to manually toggle off the setting once for each network. The good news is that not every network may require a private address to be turned off, so it only needs to be done on those that are being affected by connectivity issues.

For a holistic solution to resolving this issue remotely, devices enrolled in an MDM solution can be sent a configuration profile that uses the Wi-Fi payload to specify the name of the wireless network whose settings should be modified, with the setting named "Disable association MAC address randomization" toggled on. This will change the settings of the named SSID and disable private addresses for that network at the same time. The configuration profile may include additional payloads within it, disabling MAC randomization for multiple SSIDs.
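As an added example (not part of the original article or any MDM vendor's tooling): the script below builds such a profile with one Wi-Fi payload per affected SSID, using the `DisableAssociationMACRandomization` key of Apple's `com.apple.wifi.managed` payload. The identifier prefix, display names and SSIDs are placeholders, and network credentials are omitted.

```python
import plistlib
import uuid

ORG_ID = "com.example.wifi"   # hypothetical reverse-DNS prefix for payload identifiers


def wifi_payload(index, ssid, encryption="WPA2"):
    """One Wi-Fi payload that turns Private Address off for a single SSID."""
    return {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG_ID}.wifi{index}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"Wi-Fi ({ssid})",
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "AutoJoin": True,
        # Password / EAP settings are left out of this sketch; add them per network.
        "EncryptionType": encryption,
        # The "Disable association MAC address randomization" setting.
        "DisableAssociationMACRandomization": True,
    }


def build_profile_dict(ssids):
    """Profile dictionary carrying one Wi-Fi payload per SSID, in the given order."""
    if not ssids:
        raise ValueError("at least one SSID is required")
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG_ID}.profile",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Disable Private Address on managed Wi-Fi",
        "PayloadContent": [wifi_payload(i, s) for i, s in enumerate(ssids, 1)],
    }


def build_profile(ssids):
    """Serialize the profile as XML plist bytes, ready to save as .mobileconfig."""
    return plistlib.dumps(build_profile_dict(ssids), fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Placeholder SSIDs: list only the networks that show connectivity problems.
    with open("disable-private-address.mobileconfig", "wb") as fh:
        fh.write(build_profile(["CorpNet", "CorpGuest"]))
```
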

Additionally see

Source link


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *