HackRead
Security Flaws in MAC Address Randomization Technique makes iOS, Android Devices Vulnerable to Tracking

March 12th, 2017 | By Waqas | Security, Android, Apple News, iPad, iPhone, Technology News

Tracking mobile phones has become easier since the advent of smartphones and wireless connectivity, because these devices become traceable as they move across public Wi-Fi networks. MAC address randomization is a technique used to protect mobile devices from being traced. It replaces the unique ID that makes a mobile’s wireless hardware detectable with randomly generated numbers, making the device difficult to trace and preventing it from being exploited by malicious cyber-criminals.

It is a helpful technique because your smartphone’s MAC address is usually logged by owners of public Wi-Fi, such as retail outlets, so that customers can be recognized the moment they walk in. The same happens at public wireless hotspots. For instance, in the UK, Transport for London uses this strategy to monitor Tube passengers. In theory, there is no problem with such practices if the primary goal is to identify customers. However, it becomes a real issue when the data is sold to marketers and ad firms.


However, a research report from the US Naval Academy shows that even the MAC address randomization technique is flawed and contains implementation-related vulnerabilities, which defeats the entire purpose of using it. Another important issue is that on a majority of Android devices, MAC address randomization isn’t enabled.


The research report was published on Wednesday, and it stated that the researchers successfully tracked 100% of devices using randomization, regardless of their make and model. They managed to do that by exploiting a vulnerability in the way wireless chipsets handle low-level control frames. Apart from an active Request to Send (RTS) attack, the researchers identified various alternative deanonymization techniques that were also applicable to a wide range of mobile phones.

The study analyzed iOS and Android devices only. It noted that every 802.11 network interface of a mobile phone has a 48-bit MAC address, a layer-2 hardware identifier that is supposed to be globally unique. The researchers also focused on devices that weren’t associated with a network access point, because this is where the real work of unique global MAC addresses starts.

Previous studies in this context discovered flaws prevailing in the Wi-Fi Protected Setup (WPS) protocol, which can potentially be used to modify the MAC address of a device. The technique that allows this to happen is called Universally Unique IDentifier-Enrollee (UUID-E) reversal.


The current study from the US Naval Academy took this previous work into account to focus on randomized MAC address implementations. The researchers found that although randomization capabilities are available, a majority of Android devices aren’t implementing them despite the fact that the Android OS has the feature built in. As a result, tracking Android devices becomes trivial. According to the researchers, 802.11 chipset and firmware incompatibilities might be the reason.
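An added example (not from the article or the research report): a check a device owner can run over source MAC addresses captured from their own test device, to see whether randomization is actually in use. It assumes randomized addresses carry the IEEE 802 locally administered bit; the function names and sample addresses are constructed for illustration.

```python
# Added example: audit source MACs captured from your own test device.
# Assumption: randomized addresses set the IEEE 802 locally administered bit.

def parse_mac(text):
    """Return the six octets of a 48-bit MAC such as 'aa:bb:cc:dd:ee:ff'."""
    parts = text.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet (the U/L bit) is set."""
    return bool(parse_mac(mac)[0] & 0x02)


def audit(observed):
    """Classify a device's observed source MACs and summarise the result."""
    randomized, global_ = set(), set()
    for mac in observed:
        octets = parse_mac(mac)
        canonical = ":".join(f"{b:02x}" for b in octets)
        (randomized if octets[0] & 0x02 else global_).add(canonical)
    if not randomized:
        verdict = "no randomization"        # only the hardware address was seen
    elif global_:
        verdict = "leaks global address"    # randomizes, but not consistently
    else:
        verdict = "randomizing"
    return {"randomized": randomized, "global": global_, "verdict": verdict}


# Constructed sample captures (not real devices).
RANDOMIZING = ["da:a1:19:3c:55:01", "92:68:c3:0f:7e:10", "DA-A1-19-8B-02-AA"]
NOT_RANDOMIZING = ["00:11:22:33:44:55", "00:11:22:33:44:55"]
MIXED = ["92:68:c3:0f:7e:10", "00:11:22:33:44:55"]

if __name__ == "__main__":
    for name, capture in [("randomizing", RANDOMIZING),
                          ("not randomizing", NOT_RANDOMIZING),
                          ("mixed", MIXED)]:
        print(name, "->", audit(capture)["verdict"])
```

A "no randomization" or "leaks global address" verdict on a device that is not associated with an access point matches the situation the article describes for most Android devices.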
