NewsMarch 13, 2017 @ 11:30 AM

MAC Address Randomization Gets Clobbered

An increased interest in improved mobile user privacy with Wi-Fi networks grew the adoption of Media Access Control (MAC) address randomization. By using a device-created MAC, network transport could be done without a static link to the user being broadcast over the network. The hope was that the user remained anonymous while the networks got their needed MAC.

Future Changes to MAC Needed

The standard is still being worked on by the Institute of Electrical and Electronics Engineers (IEEE), who began testing on the technology in 2014. Apple supported the idea in iOS 8, but dropped support in the most recent iOS 10. Android has made an attempt to support it since 2014 and the Android 6. However, the IEEE may want to go back to the drawing board.

Bleeping Computer recently noted that researchers at the U.S. Naval Academy found a new method to detect individual mobile devices, even if the MAC addresses have gone though a randomization. They revealed the method in their paper, “A Study of MAC Address Randomization in Mobile Devices and When It Fails,” which was published March 8.

Exposing the MAC Address Standard

In the paper, researchers pointed to an unknown flaw that affected the actual hardware of mobile chipsets. It was discovered when they observed a problem in how the chipsets handle low-level control frames: Specific packets were sent by the chipsets when they performed a specific request. These control frames allowed a global MAC to be determined and identified.

This control frame behavior increases the accuracy of identification to 100 percent. That would be impressive in its own right, but it is especially significant when compared to the 50 percent accuracy achieved in a similar 2016 attack. That was chronicled in the report, “Why MAC Address Randomization Is Not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms.”

Researchers from the Naval Academy wrote that the attack worked for all known devices, regardless of the OS, manufacturer, device type or randomization scheme. To make matters worse, they found that Android devices can be susceptible even when the user disabled Wi-Fi or enabled Airplane Mode.

Ramping Up Security

With this attack exposure, researchers proposed a major effort to save the standard practice. For starters, they state that standardized randomization needs to be implemented correctly on any device using Wi-Fi. Additionally, it should use the entire length of the MAC field as randomization input.

This is just the beginning of several proposed recommendations. However, it’s a tall order to get device manufacturers to implement proper randomization techniques while also getting all the manufacturers to act in a consistent manner.

Share this Article:
Larry Loeb

Principal, PBC Enterprises

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He wrote for IBM's DeveloperWorks site for seven years and has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange.