You probably know that MAC addresses are identifiers. They are how data packets get addressed/routed between devices. Because of this, they need to be unique (ever try to get your friend Steve’s attention in a room full of Steves?). This leads to MAC addresses being assigned to network-capable devices (PC network cards, mobile phones, etc.) and they are generally fixed. In other words, once assigned, that device always has that MAC address. On networks like wifi, the MAC address is broadcast in the clear (unencrypted) during network discovery. With the right equipment, people within range of a device can listen for those broadcasts. At this point MAC addresses are still not personally identifiable information, which means they can’t be associated with a particular person.
Now, assume someone notices certain people frequenting certain places with some consistency. By cataloging MAC addresses and associating them with the comings and goings of those people (surveillance), the bad guys can associate a MAC address with a person with a high probability. More surveillance gives greater probability. OK, now you have made the MAC address personally identifiable information. With this, you can now at least track people at a relatively short distance, and that distance increases with even more specialized tools.
Taking this a bit further, now you can also start sending packets yourself impersonating that person’s device, or trick that device into thinking you’re the network it’s trying to connect to. At the very least, you can sniff packets and filter them from all the other traffic your equipment is bound to receive.
There are surely more things true black hats can do but I’m not knowledgeable enough to expand more.
To combat this, randomizing MAC addresses is something operating systems and wifi firmware have evolved to do. Actually having another device on the network with the randomly generated MAC address is suuuuper unlikely but to be honest, I’m not clear how long the randomized MAC address is used. Maybe it’s only for network discovery and then the fixed MAC address is used…not sure.
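The two things the answer above hinges on, a MAC being recognisable as randomized and a stable MAC being what makes repeated sightings linkable, can be checked in a few lines. The following is an added example, not code from the original post; the MAC addresses and the "sightings" log are constructed sample data, and `SIGHTINGS`, `classify` and `linkable_devices` are names chosen for this example.

```python
"""Added example: tell a vendor-assigned MAC from a randomized one by its U/L bit,
and show why only a MAC that stays constant across visits can be correlated.
All addresses and sightings below are constructed, not captured."""
import random
import re
from collections import defaultdict

# Accepts aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, any case.
_MAC_RE = re.compile(r"^([0-9a-f]{2})[:-]([0-9a-f]{2})[:-]([0-9a-f]{2})[:-]"
                     r"([0-9a-f]{2})[:-]([0-9a-f]{2})[:-]([0-9a-f]{2})$", re.I)


def parse_mac(mac: str) -> bytes:
    """Return the six octets of a textual MAC address; raise on malformed input."""
    m = _MAC_RE.match(mac.strip())
    if not m:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(octet, 16) for octet in m.groups())


def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet is the U/L bit. A vendor burned-in address has
    it clear; every MAC randomizer sets it, so this is the quick privacy check."""
    return bool(parse_mac(mac)[0] & 0x02)


def is_multicast(mac: str) -> bool:
    """Bit 0x01 of the first octet is the I/G bit: 1 means a group address."""
    return bool(parse_mac(mac)[0] & 0x01)


def classify(mac: str) -> str:
    """Coarse label for a MAC: multicast, locally administered (randomized), or vendor."""
    if is_multicast(mac):
        return "multicast"
    return "randomized/local" if is_locally_administered(mac) else "hardware/vendor"


def random_private_mac(seed=None) -> str:
    """Generate a randomized unicast MAC the way OS randomizers do: random octets
    with the U/L bit set and the I/G bit cleared. `seed` only makes output repeatable."""
    rng = random.Random(seed)
    octets = bytearray(rng.getrandbits(8) for _ in range(6))
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


# Constructed sightings: (day, place, MAC seen in a probe request).
# One device keeps a fixed vendor MAC; the other presents a fresh randomized
# MAC each day. Values are made up for this example.
SIGHTINGS = [
    ("day1", "cafe", "00:11:22:33:44:55"),
    ("day1", "cafe", "6e:1b:2c:3d:4e:5f"),
    ("day2", "cafe", "00:11:22:33:44:55"),
    ("day2", "cafe", "da:7f:00:aa:bb:cc"),
    ("day3", "gym", "00:11:22:33:44:55"),
    ("day3", "gym", "be:ef:10:20:30:40"),
]


def linkable_devices(sightings, min_days=2):
    """MACs observed on at least `min_days` distinct days, mapped to the places
    they were seen. A constant MAC accumulates a pattern of life; a per-day
    randomized MAC never crosses the threshold, which is the point of randomizing."""
    days = defaultdict(set)
    places = defaultdict(set)
    for day, place, mac in sightings:
        days[mac].add(day)
        places[mac].add(place)
    return {mac: sorted(places[mac]) for mac, d in days.items() if len(d) >= min_days}


if __name__ == "__main__":
    for mac in sorted({s[2] for s in SIGHTINGS}):
        print(f"{mac}  {classify(mac)}")
    print("linkable across days:", linkable_devices(SIGHTINGS))
    print("fresh randomized MAC:", random_private_mac())
```

Running it prints the fixed address as the only one linkable across days, with both places it visited, while each randomized address shows up once and drops out. Two caveats worth keeping in mind: the U/L bit only says an address was not burned in by a vendor (VMs and manually configured interfaces set it too), and current Android and iOS releases keep the randomized address stable per saved network rather than changing it per packet, so the example's "fresh MAC every day" models randomization across different networks, not repeated visits to the same one.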