Security Vulnerabilities in Mobile MAC Randomization

Interesting research: "A Study of MAC Address Randomization in Mobile Devices When it Fails":

Abstract: Media Access Control (MAC) address randomization is a privacy technique whereby mobile devices rotate through random hardware addresses in order to prevent observers from singling out their traffic or physical location from other nearby devices. Adoption of this technology, however, has been sporadic and varied across device manufacturers. In this paper, we present the first wide-scale study of MAC address randomization in the wild, including a detailed breakdown of different randomization techniques by operating system, manufacturer, and model of device. We then identify multiple flaws in these implementations which can be exploited to defeat randomization as performed by existing devices. First, we show that devices commonly make improper use of randomization by sending wireless frames with the true, global address when they should be using a randomized address. We move on to extend the passive identification techniques of Vanhoef et al. to effectively defeat randomization in 96% of Android phones. Finally, we show a method that can be used to track 100% of devices using randomization, regardless of manufacturer, by exploiting a previously unknown flaw in the way existing wireless chipsets handle low-level control frames.

Basically, iOS and Android phones are not very good at randomizing their MAC addresses. And tricks with level-2 control frames can exploit weaknesses in their chipsets.
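The first flaw in the abstract, a device sending frames with its true global address when it should be using a randomized one, can be checked against a capture taken from your own device. This is an added example, not code from the paper or this post; it relies on the IEEE 802 locally-administered (U/L) bit, which the post does not spell out, and the function names, frame tuples and sample addresses are constructed for illustration.

```python
import re

_MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$", re.IGNORECASE)

def parse_mac(text):
    """Return the six address bytes, rejecting malformed input."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split(r"[:-]", text))

def classify(mac):
    """'global' (vendor-assigned), 'local' (candidate randomized) or 'group'."""
    first = parse_mac(mac)[0]
    if first & 0x01:            # I/G bit set: multicast/broadcast, not a valid source
        return "group"
    # U/L bit set means locally administered. That is necessary for a
    # randomized address but does not prove one (VMs and manual overrides set it too).
    return "local" if first & 0x02 else "global"

def audit(frames):
    """frames: (seconds, frame_type, source_mac) tuples from one device under
    test, captured while it is NOT associated to a network (assumed input shape).
    Returns the frames that exposed a global address and the number of
    distinct locally administered addresses seen."""
    leaks, local_seen = [], set()
    for ts, ftype, src in frames:
        kind = classify(src)
        if kind == "global":
            leaks.append((ts, ftype, src.lower()))
        elif kind == "local":
            local_seen.add(src.lower())
    return {"leaks": leaks, "rotations": len(local_seen)}

# Constructed sample capture; the global address is from the IANA documentation range.
SAMPLE = [
    (0.0,  "probe-req", "02:00:5e:10:00:01"),
    (30.2, "probe-req", "3a:9f:c4:11:22:33"),
    (31.0, "probe-req", "00:00:5E:00:53:01"),   # U/L bit clear: global address leaked
    (60.5, "probe-req", "a6:4b:7e:aa:bb:cc"),
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(f"{report['rotations']} local addresses, {len(report['leaks'])} global-address frames")
    for ts, ftype, src in report["leaks"]:
        print(f"  t={ts:>5}s {ftype} sent from {src}")
```

Any entry in `leaks` is a frame that links the rotating addresses back to the one permanent identifier, which is the failure the paper measures.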

Slashdot post.

Posted on March 20, 2017 at 5:05 AM • 9 Comments

Comments

Who? • March 20, 2017 10:01 AM

@ Steve Friedl

Agreed, I am sure he is referring to the data link layer too — the second layer on the OSI model.

Elliot • March 20, 2017 1:59 PM

Is there anything Google can't screw up?
"Furthermore, Android devices can be susceptible to this attack even when the user disables WiFi and/or enables Airplane Mode."

Bauke Jan Douma • March 20, 2017 9:36 PM

Quote:
"Smartphones are one of the most impactful technologies of this century. The ability to access the Internet anytime and anywhere has fundamentally changed both work and personal life across the globe [21]. It is gradually becoming clear, however, that in exchange for this level of access to the Internet people may be giving up a substantial amount of privacy. In particular, it has recently been made public that state sponsored intelligence agencies, in countries such as Russia and China [5, 11, 3], as well as private sector companies [18], are actively attempting to track cellphone users."

Countries such as Russia and China...

Is describing a giraffe as a 4 legged yellowish animal with brown spots and a plumed tail a lie?

It is.

Because the most striking feature was left unmentioned.


Maxwell's Daemon • March 21, 2017 2:29 PM

Something I've been doing on my own forever and not something I'd trust any operating system to do at all. Do I trust an operating system with my security?

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.