Bballrob

macrumors 6502a
Original poster
Jul 11, 2017
541
590
Alaska
So I discovered something very odd today. I was checking some WiFi settings in my Airport Utility. I saw a couple of MAC addresses that weren’t at all familiar, so I set up blocks for them. After resetting the AirPort, I couldn’t connect to the WiFi with my own device. I ended up grabbing my sons iPod and doing some experimenting to figure out what had happened.

Basically, my iPhone XR has a new MAC address, at least that it is broadcasting, and this was one of the new MAC addresses that I had just blocked. The thing is, when I go to Settings>General>About, the original MAC address is still showing on the phone.

The other “changed” MAC address was my iPad Air 2.

I have no idea what caused this. I updated both of those to iOS 14 about a day after it was released.

I’m not using a VPN or anything like that and never have on either of these devices.

Any ideas as to what could be causing this?
 

blaine07

macrumors 68020
Nov 14, 2014
2,396
2,263
Oklahoma
Go to WiFi in settings, click “I” next to network your connected to

The Private Address deal, turn it off. Google iOS 14 and Private Address and you’ll get all the info you need. :)

18b794b1eff71cce2655f8673211c555.png


Meh, here...


 

krifor03

macrumors member
Sep 24, 2020
64
77
blaine07 is correct.

Know though that this is a feature that outside of know private home networks (or corporate networks that do MAC filtering for those BYOD places), is best left ON. By using the random MAC address it helps your device from being fingerprinted out in the wild
 
  • Like
Reactions: blaine07

Bballrob

macrumors 6502a
Original poster
Jul 11, 2017
541
590
Alaska
This was the issue. Thanks for the help.

I don’t like this because if I’ve blocked a MAC address for my airport, the user of the blocked device can turn this on and get right back on.

When you use this private address feature, does it generate a new MAC address each time you toggle it on and off? Or is it the same private address every time??
 

blaine07

macrumors 68020
Nov 14, 2014
2,396
2,263
Oklahoma
This was the issue. Thanks for the help.

I don’t like this because if I’ve blocked a MAC address for my airport, the user of the blocked device can turn this on and get right back on.

When you use this private address feature, does it generate a new MAC address each time you toggle it on and off? Or is it the same private address every time??

I think it re-generates every time you connect to a WiFi network but not sure. Sorry
 

krifor03

macrumors member
Sep 24, 2020
64
77
This was the issue. Thanks for the help.

I don’t like this because if I’ve blocked a MAC address for my airport, the user of the blocked device can turn this on and get right back on.

When you use this private address feature, does it generate a new MAC address each time you toggle it on and off? Or is it the same private address every time??

In my experience it will keep the same random MAC for each network for a period of time, then regenerate...like DHCP issued IP addresses. For my home network, If I turn the feature off, then restart my phone, when I turn my phone back on and the randomized MAC feature it is the same random MAC it was before. So again, I believe the phone is keeping a log of SSID's and the assigned MAC, and those MACs are on a lease system, like IP addresses
 
  • Like
Reactions: brucemr

BrianBaughn

macrumors 604
Feb 13, 2011
7,840
1,476
Baltimore, Maryland
I don’t like this because if I’ve blocked a MAC address for my airport, the user of the blocked device can turn this on and get right back on.

And now you have first-hand experience with how MAC filtering isn't and wasn't really a reliable security feature. It's a bit better if you whitelist instead of blacklist, though.
 
  • Like
Reactions: chrfr

krifor03

macrumors member
Sep 24, 2020
64
77
And now you have first-hand experience with how MAC filtering isn't and wasn't really a reliable security feature. It's a bit better if you whitelist instead of blacklist, though.

wha??...yes you are correct, in a blacklist situation there are holes. But in the whitelist, like you mentioned, unless an attacker has access to that list as spoofs there MAC....how are they getting in🤨. The MAC works as advertised
 

Bballrob

macrumors 6502a
Original poster
Jul 11, 2017
541
590
Alaska
And now you have first-hand experience with how MAC filtering isn't and wasn't really a reliable security feature. It's a bit better if you whitelist instead of blacklist, though.

Is there a way to whitelist instead of blacklist on an airport device?
 

Bballrob

macrumors 6502a
Original poster
Jul 11, 2017
541
590
Alaska
I think you're going to have to use the password for access control.

Which I already do. What I’m running up against is, I’m trying to limit the access my children have to the network via their iPods and other devices. Before I could simply do it by setting the limits by MAC address in the airport. But once their time has expired, if they just switch to this “private” network, they can log right in because the password is already saved to their device. If there was a way to whitelist certain Mac addresses, they wouldn’t have this workaround even though they’d have the password saved in their devices. The device flashing the new MAC address wouldn’t be allowed on the WiFi at all.
 

BrianBaughn

macrumors 604
Feb 13, 2011
7,840
1,476
Baltimore, Maryland
Which I already do. What I’m running up against is, I’m trying to limit the access my children have to the network via their iPods and other devices. Before I could simply do it by setting the limits by MAC address in the airport. But once their time has expired, if they just switch to this “private” network, they can log right in because the password is already saved to their device. If there was a way to whitelist certain Mac addresses, they wouldn’t have this workaround even though they’d have the password saved in their devices. The device flashing the new MAC address wouldn’t be allowed on the WiFi at all.

Correct…and there's just about zero chance of Apple adding anything to the firmware on their seven-year-old routers.

To get what you're wanting I'm pretty sure you'll have to replace it or at the least add a new device to the chain that will do the filtering you need.

I suppose you've already looked into what controls the devices have onboard.
 

mrochester

macrumors 68030
Feb 8, 2009
2,502
756
Which I already do. What I’m running up against is, I’m trying to limit the access my children have to the network via their iPods and other devices. Before I could simply do it by setting the limits by MAC address in the airport. But once their time has expired, if they just switch to this “private” network, they can log right in because the password is already saved to their device. If there was a way to whitelist certain Mac addresses, they wouldn’t have this workaround even though they’d have the password saved in their devices. The device flashing the new MAC address wouldn’t be allowed on the WiFi at all.
Could you not set screentime limits on their devices instead?
 
  • Like
Reactions: Bballrob

Bballrob

macrumors 6502a
Original poster
Jul 11, 2017
541
590
Alaska
Could you not set screentime limits on their devices instead?

That light do it but I think I found a solution. I had posted a similar thread called Blocking From Airport and I think I got a solution in there that will give me exactly what I need.
 

Black Baron

Suspended
Nov 8, 2020
89
9
Germany
So I discovered something very odd today. I was checking some WiFi settings in my Airport Utility. I saw a couple of MAC addresses that weren’t at all familiar, so I set up blocks for them. After resetting the AirPort, I couldn’t connect to the WiFi with my own device. I ended up grabbing my sons iPod and doing some experimenting to figure out what had happened.

Basically, my iPhone XR has a new MAC address, at least that it is broadcasting, and this was one of the new MAC addresses that I had just blocked. The thing is, when I go to Settings>General>About, the original MAC address is still showing on the phone.

The other “changed” MAC address was my iPad Air 2.

I have no idea what caused this. I updated both of those to iOS 14 about a day after it was released.

I’m not using a VPN or anything like that and never have on either of these devices.

Any ideas as to what could be causing this?

I doesn't make sense to me at all. I had the same issue. All the MAC addresses of all my devices are set using Airport Utility. No access for all other MAC addresses.

This feature in iOS should be turned ON on my opinion. It shows the MAC address as I have entered in Aiport Utility for this iPhone. Why does wifi connect fail if turned on ???

iPhone is getting more and more a smartphone for developers but no longer for users with more more settings coming in after every iOS update. That's my opinion. iPhone has become a smartphone for developers!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.