Naked Security

MAC address scrambling coming to Linux

Apple’s iOS has had it since version 8. Windows 10 has it.

And pretty soon, many Linux users will be able to get it, too.

It’s the ability to scramble the hardware media access control (MAC) address that each mobile device uses when setting up Wi-Fi connections.

Those MAC addresses allow mobile users to be tracked by all sorts of busybodies (and curious researchers!), be they spies, crooks, advertisers, retailers, trash bins rigged to track passersby, cops tracking stolen devices, Sophos researchers warbiking through London, felines warprowling (with bonus mouse catching!), or Sexy Cyborg out warstrolling (with high heels packing Wi-Fi hacking tools, no less!).

This past July, an IEEE study group recommended that the Wi-Fi protocol be updated to use randomly generated MAC addresses for better security and privacy.

Juan Carlos Zuniga, principal engineer at InterDigital and chair of the IEEE 802 Privacy Executive Committee Study Group:

Because of the uniqueness of the identifier and the fact that they’re not encrypted, you can easily make a connection between the identifier and the user.

And it looks like the IEEE-recommended randomization of MAC addresses is going to come to the Fedora distribution of Linux.

Fedora contributor and NetworkManager developer Lubomir Rintel writes on his blog that the problem is that the MAC addresses of our laptops and mobile phones are, in most cases, broadcast wherever we go, before we even attempt to connect to a wireless network.

That’s a problem for our privacy, he writes:

Even when you’re super careful about encrypting your internet traffic, the meta-data can leak enough information to make you worried.

Rintel suggests that one method of protecting your privacy while on the go and remaining anonymous at all times is to randomize devices’ MAC addresses while they scan for Wi-Fi networks.

Apple began to use the method starting in iOS 8, and Microsoft incorporated it in Windows 10.

If everything works out right, Linux users who have the NetworkManager software will get MAC randomization too, in the upcoming NetworkManager 1.2 release.
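To make the scan-time randomization described above concrete, here is an added example (not code from the article, Rintel's blog or NetworkManager). It assumes the usual convention that a randomized address has the "locally administered" bit set and the multicast bit cleared; the function names and the sample hardware address are constructed for illustration.

```python
import re
import secrets

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def parse_mac(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", mac))

def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def random_mac():
    """Random unicast address outside the vendor-assigned address space."""
    raw = bytearray(secrets.token_bytes(6))
    # First octet: bit 0 is the multicast flag, bit 1 is the
    # "locally administered" flag. Clear the former, set the latter.
    raw[0] = (raw[0] & 0xFE) | 0x02
    return format_mac(bytes(raw))

def is_locally_administered(mac):
    return bool(parse_mac(mac)[0] & 0x02)

def scan_addresses(hardware_mac, scans, randomize):
    """Addresses a device exposes over `scans` separate Wi-Fi scans."""
    fixed = format_mac(parse_mac(hardware_mac))  # validates and normalizes
    if randomize:
        return [random_mac() for _ in range(scans)]
    return [fixed] * scans

if __name__ == "__main__":
    HW = "00:11:22:33:44:55"  # constructed sample address
    for mode in (False, True):
        seen = scan_addresses(HW, 3, randomize=mode)
        print(f"randomize={mode}: {len(set(seen))} distinct address(es)")
        for mac in seen:
            local = is_locally_administered(mac)
            print(f"  {mac}  ({'local/random' if local else 'vendor-assigned'})")
```

Without randomization every scan exposes the same identifier; with it, each scan shows an unrelated address. A network that keys configuration on MAC addresses can use the same bit test to spot addresses that are not vendor-assigned.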

6 Comments

For anyone familiar with shell scripting, you could automatically set this up every time you connect to the network. This isn’t new. This could be set up manually in NetworkManager, Wicd, or in your network config files.

How do you deal with DNS machines that use the MAC for an identifier of a particular device, such as tftp booting? Or is this just to use when wandering? Many technical challenges, but the basic idea is great. My iPhone connects to my wifi, where I use the MAC for certain configurations. Will ‘random MAC’ addresses be on/off switchable for areas that need the MAC for ID?

Just curious..

Jack

My understanding of how this works is that the MAC address is subject to change whilst a device is scanning for networks to connect to. I guess it could settle down to using the ‘real’ MAC address once it’s joined the network.

That’s how I understand it. If you connect, you connect (unless you take steps to change what you might call your “underlying” MAC address) as the same address every time. But while you are merely finding out what networks exist, you aren’t identifying yourself as the same person every time.

It seems fair for a network whose free Wi-Fi service you decide to use to know that you’re back…but not for a network whose service you aren’t going to use to learn the same level of detail. (Not for access points to exist that serve only to track your movements, rather than to offer you some sort of service.)
