Frequent Contributor I

iOS 8 & MAC Address Randomization



Has anyone played w/ iOS 8 beta & have you run into any issues w/ Airwave monitoring, or with any logging or tracking functionality?


Guru Elite

Re: iOS 8

It's only for probing. The device associates with its own MAC address.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Trusted Contributor I

Re: iOS 8

Even so, will this not affect ClientMatch as it utilizes client probes?  I see this as potentially causing more issues, especially when troubleshooting a client association issue.  If you suspect a client probing issue, how are you going to identify the client probes with a packet capture?

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor II

Re: iOS 8

Does anyone know if this will prevent MAC authentication from taking place?


If it probes the network with a random MAC but authenticates with its own correct MAC, I don't see that this should prevent MAC authentication from taking place.


On the other hand, if MAC authentication is in place as part of a layered security model, should the random MAC be in the list (is this going to be chosen from the Apple agreed list??) this could in effect authenticate a non-authorised device, causing a security breach to the network.




Super Contributor I

Re: iOS 8


I think that's the burning question -- how will these devices play with virtual beacons/11k, and legacy-mode client-match?  Apples already are one of the rockier platforms for match/steering and this feature doesn't bode well.  Hopefully it completely turns off while enterprise authed.







Re: iOS 8

Still remains to be seen what the effects will be, but once the device is actively associated to your wireless network it uses its own MAC-address. There is no ClientMatch etc. before association, right?


Tho - a system counting the number of MAC-addresses "probing the Air" will/might be worthless since all i-devices will probe with a different MAC-address each time.


John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
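
The two concerns raised in the thread (inflated probe counts and a random address matching a MAC-auth list), as an added example that is not part of any post above. It assumes, which the thread does not state, that randomized probe addresses are unicast with the locally administered (U/L) bit set; the records, the allowlist and all function names are constructed for illustration.

```python
import re
from collections import Counter

MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}$", re.I)

def first_octet(mac):
    """Validate a MAC string and return its first octet as an int."""
    mac = mac.strip()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(mac[:2], 16)

def is_locally_administered(mac):
    """Unicast address with the U/L bit (0x02 of the first octet) set.
    Assumption: randomized probe addresses fall in this class."""
    octet = first_octet(mac)
    return bool(octet & 0x02) and not octet & 0x01

def summarize_probes(records):
    """Count distinct probe-request sources, split by address type."""
    seen = Counter(mac.strip().lower() for kind, mac in records if kind == "probe-req")
    randomized = sum(1 for mac in seen if is_locally_administered(mac))
    return {"unique_sources": len(seen),
            "randomized": randomized,
            "stable": len(seen) - randomized}

def risky_allowlist_entries(allowlist):
    """MAC-auth entries that are themselves locally administered addresses."""
    return sorted(m.strip().lower() for m in allowlist if is_locally_administered(m))

# Constructed sample data (not taken from the thread).
CAPTURE = [
    ("probe-req", "02:ab:cd:00:00:01"),   # locally administered
    ("probe-req", "da:a1:19:00:00:02"),   # locally administered
    ("probe-req", "66:77:88:00:00:03"),   # locally administered
    ("probe-req", "00:11:22:33:44:55"),   # universally administered
    ("probe-req", "00:11:22:33:44:55"),   # repeat of the same source
    ("assoc-req", "00:11:22:33:44:55"),   # not a probe, ignored
    ("probe-req", "A4:5E:60:00:00:01"),   # universally administered
]
ALLOWLIST = ["00:11:22:33:44:55", "02:00:00:aa:bb:cc"]

if __name__ == "__main__":
    print(summarize_probes(CAPTURE))
    print(risky_allowlist_entries(ALLOWLIST))
```

Under that assumption, only the "stable" count is usable as a device count, and any allowlist entry the second function returns is one a locally administered address could in principle equal.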