Since version 4 of the iOS operating system, Apple's iPhones, iPads and iPods have been capable of handling IPv6, and most Android devices have been capable since version 2.1. However, the operating systems transfer an ID that discloses information about their users: devices usually determine half of their IPv6 address (the "interface identifier") themselves. On a wireless network, the smartphones don't appear to be careful enough with this task; they simply add the same two bytes to their globally unique MAC address and use it as their identifier. As a result, they transfer a unique hardware ID whenever they communicate with an IPv6-enabled server.

The issue is particularly sensitive because such devices tend to be used by one specific person. As a result, the MAC address, which is accessible to any server operator and network monitor, allows this user to be identified.

The basic problem isn't an IPv6 issue, because various other methods for generating the address are available. For instance, a device can generate a random interface identifier and replace it on a regular basis. This method is called Privacy Extensions and is the factory-set option in Windows; it can also be enabled in other operating systems.

It's the smartphone users who haven't got a chance: mobile devices running Apple's iOS or Android offer neither the option to enable Privacy Extensions nor the option to disable IPv6 – anyone who uses an affected device on an IPv6-enabled wireless network will transmit their ID.

The only thing the smartphones are lacking is a control option in the user interface, as the Privacy Extensions do come as part of their kernel. For instance, on a (jailbroken) iOS 4 device with root access, they can be enabled with the same command that enables them on a desktop device running Mac OS X:

sysctl -w net.inet6.ip6.use_tempaddr=1

The problem is currently only affecting a small number of users because IPv6 is not yet in widespread use. However, German Telekom and several other IPs plan to offer IPv6 in addition to the old IPv4 during this year. In addition, there are such routers as the Cisco Linksys E3000, which will, without requesting user consent, even establish an IPv6 connection via a 6to4 conversion when their internet access is purely IPv4.



This iPhone's Wi-Fi MAC address is probably 00:26:08:60:FA:AF

You can check whether you are using such a telltale IPv6 address with an online tool available on the heise Germany web site: the version of "My-Ip-Service" on the server – only accessible via IPv6 – http://www.six.heise.de/ip, will display your IPv6 address if you have IPv6-enabled internet access. If the combination ff:fe marks the boundary between the third-but-last and second-but-last address segments, the six bytes before and after it are likely to be your MAC address.

See also:

The big IPv6 experiment, a report from The H.

(crve)