MAC Randomisation in Public and Enterprise Networks

Public Wi-Fi and iOS 18

For businesses and IT teams, a notable change in the iOS 18 update is the implementation of MAC address randomisation. This feature rotates a device's MAC address and assigns a new one when the device connects to a network. This update can improve user privacy on public WiFi networks but alternatively cause business disruptions.

Though these changes promote privacy on public WiFi networks, it's important to note that privacy enhancements do not mean security improvements.

Public Networks

MAC randomisation on iOS 18 is geared to increase the difficulty of tracking a device across different networks. This change aims to reduce profiling, data mining, and unwanted tracking. On public networks, this would mean that users receive more privacy. But it could also hinder customer experience. For example, a customer could be excited to earn repeat visit rewards only to find out that their visits were reset due to misidentification caused by MAC address changes.

Network Issues Caused by iOS 18 MAC Rotation

MAC randomisation can also cause connectivity issues on public WiFi. Having to repeatedly log in, being unable to reconnect to previous networks, and losing network services that rely on static MAC addresses are all potential issues that guests might run into.

Common connectivity issues linked to MAC address rotation:

• Repeated authentication: Since networks tend to see new MAC addresses as new devices, it might require the user to log in more than once.
• Connection drops: With each MAC address change, the network might drop a device's connection, thinking it's a new device that has not yet been authenticated.
• Unable to reconnect to previous networks: Random MAC address changes might prevent users from connecting because their devices do not match the address stored by the network.

MAC Randomisation Is About to Change How You Manage Network Security and Privacy

iOS 18 and MAC Randomisation is going to change public WiFi.

Rotating MAC addresses might cause networks to strain, analytics to fragment, and guests to drop due to a host of factors

We recently ran a webinar where we discussed how to mitigate the effects of the changes, click here to view the recording and download other useful resources.

Challenges of MAC Randomisation in Enterprise Networks

MAC address randomisation can increase the complexity of network operations. A few examples are:

1. Device Identification and Access: Enterprise networks that use static MAC addresses to monitor equipment could face duplicate or missing entries in their data sets. MAC randomisation would register existing devices as new devices which can complicate asset tracking if the network doesn't use alternative forms of tracking.
2. Network Authentication Issues: MAC address randomisation can affect device authentication if businesses rely on static addresses. Randomisation can lead to failed authentication attempts, repeat logins, and service disruptions. This can also pose security issues as blacklisted devices could attempt to gain authentication with a randomised MAC address.
3. Impact on Analytics: Businesses often use MAC addresses to gauge guest behaviour and movement through networks. With randomised MAC addresses, each device could potentially register as a new device, causing data fragments, leading to poor data over time.

Revising Security Policies to Accommodate iOS 18

iOS 18 can potentially create security concerns and businesses should look to security policies to accommodate. Some suggested policy updates could be:

1. Shift to User-Based Identification: Switch to user-based ID methods, such as certificates, credentials, or captive portal logins. This would help networks weed out unauthorised devices and only allow authenticated devices onto the network.
2. Update Network Access Controls: Implementing solutions like device fingerprinting could be an alternative way to track devices. This could be used as a supplement to other network access controls like user-based IDs.

Training IT Staff

IT staff are likely aware of how iOS 18 and MAC randomisation would affect network operations. However, here are a few tips to guide the training and standard operating procedures for IT teams:

• Understand How MAC Randomisation Affects Network Operations: MAC randomisation could affect a host of operations (as listed above in the article) and could potentially create security threats. Understanding how MAC randomisation works and how it plays in network operations could open up doors to finding solutions to problems before they start.
• User Education and Support: Provide IT staff and helpdesk with materials to educate end-users and non-technical staff. This could help mitigate repeat questions and solve network and connection issues before they happen.

MAC Randomisation Is About to Change How You Manage Network Security and Privacy

iOS 18 and MAC Randomisation is going to change public WiFi.

Rotating MAC addresses might cause networks to strain, analytics to fragment, and guests to drop due to a host of factors

We recently ran a webinar where we discussed how to mitigate the effects of the changes, click here to view the recording and download other useful resources.