Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds-Reference-Cited by-同舟云学术

Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds

Published:2021-04-27 Issue:3 Volume:2021 Page:164-181
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Fenske Ellis¹,Brown Dane¹,Martin Jeremy²,Mayberry Travis¹,Ryan Peter²,Rye Erik³

Affiliation:

1. USNA

2. MITRE

3. CMAND

Abstract

Abstract Mobile device manufacturers and operating system developers increasingly deploy MAC address randomization to protect user privacy and prevent adversaries from tracking persistent hardware identifiers. Early MAC address randomization implementations suffered from logic bugs and information leakages that defeated the privacy benefits realized by using temporary, random addresses, allowing devices and users to be tracked in the wild. Recent work either assumes these implementation flaws continue to exist in modern MAC address randomization implementations, or considers only dated software or small numbers of devices. In this work, we revisit MAC address randomization by performing a cross-sectional study of 160 models of mobile phones, including modern devices released subsequent to previous studies. We tested each of these phones in a lab setting to determine whether it uses randomization, under what conditions it randomizes its MAC address, and whether it mitigates known tracking vulnerabilities. Our results show that, although very new phones with updated operating systems generally provide a high degree of privacy to their users, there are still many phones in wide use today that do not effectively prevent tracking.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Reference31 articles.

1. [1] Wi-fi preferred network offload scanning, . https://source.android.com/devices/tech/connect/wifi-scan.

2. [2] Android wi-fi network selection, . https://source.android.com/devices/tech/connect/wifi-network-selection.

3. [3] 802.11aq-2018 - ieee standard for information technology– telecommunications and information exchange between systems local and metropolitan area networks–specific requirements part 11: Wireless lan medium access control and physical layer specifications amendment 5: Preassociation discovery. https://standards.ieee.org/standard/802_11aq-2018.html.

4. [4] Wifi certified passpoint® continues worldwide momentum. https://www.wi-fi.org/beacon/the-beacon/wi-fi-certified-passpoint-continues-worldwide-momentum.

5. [5] Changes to device identifiers in android o, Apr 2017. https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html.

Cited by 38 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Third Eye: Inferring the State of Your Smartphone Through Wi-Fi;2024 IEEE 49th Conference on Local Computer Networks (LCN);2024-10-08

2. Passive Identification of WiFi Devices At-Scale: A Data-Driven Approach;2024 IEEE 49th Conference on Local Computer Networks (LCN);2024-10-08

3. DEMO : Passive Identification of WiFi Devices in Real-Time;Proceedings of the ACM SIGCOMM 2024 Conference: Posters and Demos;2024-08-04

4. Privacy-Preserving Randomized-MAC WiFi Client Counting with Short-Term-Coherent Waveform Features and a Bayesian Information Criterion;2024 International Conference on Smart Applications, Communications and Networking (SmartNets);2024-05-28

5. Over-the-Air Runtime Wi-Fi MAC Address Re-randomization;Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks;2024-05-27