The issue with a static MAC address is that it could be used as an identifier to detect/log the presence of a specific device. By extension, it could in theory be used to detect/log the presence of a specific person known to be in possession of that device.
Since it’s easy enough to randomize it in specific cases, there’s little reason not to unless it breaks compatibility with a specific usage scenario.
A MAC address is a physical ID that is unique to your network card (Ethernet or wifi). This ID is used to identify yourself on the network and/or internet.
Imagine this another way: let's pretend that instead of having a phone number and email address, they were both just your government ID number (SIN/SSN for Canada/US; for others I am not sure, but I bet you have some number (and yes, I know SIN and SSN are not government IDs... just let's move on)). And you had to use that number, and you could NEVER change it. So if someone knew your ID number, they could forever contact you, no matter where you went or what you did.
Sounds scary, and easily abused? Well, this is kind of how MAC IDs work. Luckily we figured out pretty quick that this is a terrible idea, and you can now spoof and hide your true MAC ID. Which is basically the same as signing up for a gmail email address instead of giving out your SSN to everyone you meet.
You probably know that MAC addresses are identifiers. They are how data packets get addressed/routed between devices. Because of this, they need to be unique (ever try to get your friend Steve’s attention in a room full of Steves?). This leads to MAC addresses being assigned to network capable devices (PC network cards, mobile phones, etc) and they are generally fixed. In other words, once assigned, that device always has that MAC address. On networks like wifi, the MAC address is broadcast in the clear (unencrypted) during network discovery. With the right equipment, people within range of a device can listen for those broadcasts. At this point MAC addresses are still not personally identifiable information, which means they can’t be associated with a particular person.
Now, assume someone notices certain people frequenting certain places with some consistency. By cataloging MAC addresses and associating them with the comings and goings of those people (surveillance), the bad guys can associate a MAC address with a person with a high probability. More surveillance gives greater probability. Ok, now you have made the MAC address personally identifiable information. With this, you can now at least track people at a relatively short distance, and that distance increases with even more specialized tools.
Taking this a bit farther, now you can also start sending packets yourself impersonating that person’s device or trick that device into thinking you’re the network they’re trying to connect to. At the very least, you can sniff packets and filter them from all the other traffic your equipment is bound to receive.
There are surely more things true black hats can do but I’m not knowledgeable enough to expand more.
To combat this, randomizing MAC addresses is something operating systems and wifi firmware have evolved to do. Actually having another device on the network with the randomly generated MAC address is suuuuper unlikely but to be honest, I’m not clear how long the randomized MAC address is used. Maybe it’s only for network discovery and then the fixed MAC address is used…not sure.
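As an added illustration of two of the answers above (the randomizing that the first answer says is "easy enough", and the cataloging of fixed addresses that the last answer describes), here is a small Python script. It is not part of any answer on this page. It generates a random MAC with the locally administered bit set and the multicast bit clear, checks that bit to tell a randomized address from a vendor-assigned one, and runs over a few constructed sniffer sightings to show which fixed addresses turn up at several places. Every address and location below is made up for the example.

```python
import random
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.IGNORECASE)

# Constructed sightings (location, MAC) such as a passive Wi-Fi sniffer might log
# from probe requests. Addresses are invented; they belong to no real device.
SIGHTINGS: List[Tuple[str, str]] = [
    ("cafe",   "00:11:22:33:44:55"),  # fixed, vendor-style address
    ("office", "00:11:22:33:44:55"),
    ("gym",    "00:11:22:33:44:55"),
    ("cafe",   "da:a1:19:44:55:66"),  # locally administered (randomized)
    ("office", "f6:0c:27:77:88:99"),  # locally administered (randomized)
    ("cafe",   "00:de:ad:be:ef:01"),  # fixed, but only ever seen in one place
    ("cafe",   "00:de:ad:be:ef:01"),
]


def parse_mac(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' into six bytes; reject anything else."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(part, 16) for part in mac.split(":"))


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_locally_administered(mac: str) -> bool:
    # Bit 1 (0x02) of the first octet is the U/L bit: set means the address was
    # assigned locally (e.g. randomized by the OS) rather than burned in by the vendor.
    return bool(parse_mac(mac)[0] & 0x02)


def is_multicast(mac: str) -> bool:
    # Bit 0 (0x01) of the first octet is the I/G bit: set means a group address,
    # which must never be used as a device's own address.
    return bool(parse_mac(mac)[0] & 0x01)


def random_mac(rng: Optional[random.Random] = None) -> str:
    """Generate a random unicast, locally administered MAC address."""
    rng = rng or random.SystemRandom()
    raw = bytearray(rng.getrandbits(8) for _ in range(6))
    raw[0] = (raw[0] | 0x02) & 0xFE   # set U/L, clear I/G
    return format_mac(bytes(raw))


def trackable_devices(sightings: Iterable[Tuple[str, str]],
                      min_locations: int = 2) -> Dict[str, List[str]]:
    """Return the fixed (vendor-assigned) MACs seen at several distinct
    locations: the addresses a surveillance catalogue could tie to a person.
    Locally administered addresses are skipped because they do not persist."""
    places: Dict[str, set] = defaultdict(set)
    for location, mac in sightings:
        if is_locally_administered(mac):
            continue
        places[mac].add(location)
    return {mac: sorted(locs) for mac, locs in places.items()
            if len(locs) >= min_locations}


if __name__ == "__main__":
    print("fresh random address:", random_mac())
    for location, mac in SIGHTINGS:
        kind = "randomized" if is_locally_administered(mac) else "fixed"
        print(f"{location:7} {mac} ({kind})")
    print("seen at multiple places:", trackable_devices(SIGHTINGS))
```

On Linux the address the script produces can be applied to an interface with `ip link set dev <iface> address <mac>` while the interface is down (interface name assumed; many distributions' network managers can do the same randomization automatically).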