A Study of MAC Address Randomization in Mobile Devices and When it Fails-Reference-Cited by-同舟云学术

A Study of MAC Address Randomization in Mobile Devices and When it Fails

Published:2017-10-01 Issue:4 Volume:2017 Page:365-383
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Martin Jeremy¹,Mayberry Travis²,Donahue Collin²,Foppe Lucas²,Brown Lamont²,Riggins Chadwick²,Rye Erik C.²,Brown Dane²

Affiliation:

1. The MITRE Corporation, work done partly while at the US Naval Academy (USNA)

2. USNA

Abstract

Abstract Media Access Control (MAC) address randomization is a privacy technique whereby mobile devices rotate through random hardware addresses in order to prevent observers from singling out their traffic or physical location from other nearby devices. Adoption of this technology, however, has been sporadic and varied across device manufacturers. In this paper, we present the first wide-scale study of MAC address randomization in the wild, including a detailed breakdown of different randomization techniques by operating system, manufacturer, and model of device. We then identify multiple flaws in these implementations which can be exploited to defeat randomization as performed by existing devices. First, we show that devices commonly make improper use of randomization by sending wireless frames with the true, global address when they should be using a randomized address. We move on to extend the passive identification techniques of Vanhoef et al. to effectively defeat randomization in ~96% of Android phones. Finally, we identify a previously unknown flaw in the way wireless chipsets handle low-level control frames which applies to 100% of devices we tested. This flaw permits an active attack that can be used under certain circumstances to track any existing wireless device.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Reference29 articles.

1. [1] Linux WPA supplicant (IEEE 802.1x, WPA, WPA2, RSN, IEEE 802.11i). https://w1.fi/wpa_supplicant/.

2. [2] IDC: Smartphone vendor market share. http://www.idc.com/promo/smartphone-market-share/vendor.

3. [3] Guidelines for Use Organizationally Unique Identifier (OUI) and Company ID (CID). https://standards.ieee.org/develop/regauth/tut/eui.pdf.

4. [4] WPA supplicant change log. https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog.

5. [5] China Deputizes Smart Phones to Spy on Beijing Residents’ Real-Time Location. https://www.eff.org/deeplinks/2011/03/china-deputizes-smart-phones-spy-beijing-residents, Oct 2011.

Cited by 104 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Bleach: From WiFi probe-request signatures to MAC association;Ad Hoc Networks;2024-11

2. Passive Identification of WiFi Devices At-Scale: A Data-Driven Approach;2024 IEEE 49th Conference on Local Computer Networks (LCN);2024-10-08

3. Privacy-preserving WiFi fingerprint-based people counting for crowd management;Computer Communications;2024-09

4. Detection of Room Occupancy in Smart Buildings;Radioengineering;2024-09

5. Over-the-Air Runtime Wi-Fi MAC Address Re-randomization;Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks;2024-05-27