iOS IPv6 address shouldn't disclose MAC address
| Originator: | futuretap | ||
| Number: | rdar://8904052 | Date Originated: | 22-Jan-2011 11:47 PM |
| Status: | Duplicate/8124006 | Resolved: | |
| Product: | iOS | Product Version: | 4.2.1 |
| Classification: | Security | Reproducible: | Always |
When using IPv6 on iOS, the trailing part of the IPv6 address includes the interface's MAC address (with the 7th bit of the first byte inverted). That way, the IP address allows to recognize specific devices even on subsequent visits. This is comparable to a super-cookie that can't be deleted for the lifetime of the device. On Mac OS X this behavior can be disabled by enabling the IPv6 privacy extensions using sysctl -w net.inet6.ip6.use_tempaddr=1 On iOS there is no such possibility. Please consider enabling the IPv6 privacy extensions by default (like - I hate to say it - Windows, for instance).
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Pleae don't
Please do not enable IPv6 privacy addresses by default. They significantly complicate network management.