We present an attack to defeat MAC address randomization through observation of the timings of the network scans with an off-the-shelf Wi-Fi interface. It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. MAC address randomization is a common privacy protection measure deployed in major operating systems today. The second one deals with the spread of MAC address randomization in the devices population.Finally, we present two tools: an experimental Wi-Fi tracking system for testing and public awareness raising purpose, and a tool estimating the uniqueness of a device based on the content of its emitted signals even if the identifier is randomized. We list some real-world installations and discuss their various aspects, including regulation, privacy implications, consent and public acceptance.
CONVERT MAC ADDRESS TO MOST SIGNIFICANT BITS INSTALL
The first one considers the development of actors exploiting this issue to install Wi-Fi tracking systems. In complement, we study implementations of MAC address randomization in some recent devices, and find a number of shortcomings limiting the efficiency of these implementations at preventing device tracking.At the same time, we perform two real-world studies. Unfortunately, we show that this mitigation, in its current state, is insufficient to prevent tracking.To do so, we introduce several attacks, based on the content and the timing of emitted signals. To mitigate the threat, device vendors are currently deploying a countermeasure on new devices: MAC address randomization. These signals contain a unique identifier, called the MAC address. These devices continuously emit signals which can be captured by a passive attacker using cheap hardware and basic knowledge. The recent spread of everyday-carried Wi-Fi-enabled devices (smartphones, tablets and wearable devices) comes with a privacy threat to their owner, and to society as a whole.