An exploration of iOS' MAC randomization feature and how it works in practice with Apple's iOS 9.
Apple uses a variety of scans for wireless LAN/physical location information. There are Preferred Network Offload (PNO) Scans, Enhanced Preferred Network Offload (ePNO) Scans, Location Scans and Auto Join Scans. Each of these scans, while mostly identical in frame format, are used at different times and for different reasons by the device. In order to decrease tracking (of you) based on MAC addresses Apple and other vendors (Microsoft, Android) have implemented MAC randomization. We wanted to know more about how the feature works on iOS 9.x so we did a little Wireshark / airodump-ng packet capturing of our own. In this video, we break down what we learned.
Our website: https://www.itdojo.com
Here's a link to the drone that we use in the video. http://amzn.to/2h2OD8D If you don't have one already...they sure are a lot of fun to play with!
Sources utilized in making this video:
Auto Join Scans: https://support.apple.com/en-us/HT204497
PNO and ePNO Scan info: http://isecurity-blog.com/ios-network-security/
iOS 8 MAC Randomization: https://www.internetretailer.com/2014/10/30/so-can-retailers-track-iphones-wi-fi-yes-and-no
More iOS 8 MAC Randomization info: http://blog.mojonetworks.com/ios8-mac-randomization-analyzed/
Location Services: https://support.apple.com/en-gb/HT203033
Randomization in iOS9 (Go to the 8:00 mark in this video): https://developer.apple.com/videos/play/wwdc2015/703/