Hacker News new | past | comments | ask | show | jobs | submit login
Why MAC address randomization is not enough (2016) [pdf] (mathyvanhoef.com)
132 points by wglb on July 15, 2017 | hide | past | favorite | 10 comments

"The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it"


Without being facetious, that strategy does work for this particular problem: turn off your wifi if you are walking around, traveling, or not in range of a network you intend to connect to.

I also have Bluetooth and NFC off most of the time since I rarely use them. (But then there's the cellular connection of my phone ...)

I wish the mobile OS could do that automatically based on the location.

Under iOS' settings it does hint at this as Wifi is one of the system services that uses locations services.

WiFi is used to speed up geolocation, sometimes a lot if you're in a dense city with poor satellite reception.


With apps like Tasker on Android, you can do this sort of stuff if you're up for a little drag and drop programming...

I'm not sure about iOS, but on Android this is possible with many apps in the app store. Some manufacturers also have "smart settings" in settings of Android that also gives this capability out of the box.

By some of the same people, also interesting on the same subject: "Defeating MAC Address Randomization Through Timing Attacks" http://papers.mathyvanhoef.com/wisec2016.pdf

Is new hardware required for these "Hotspot 2.0" things?

Nope, it's all in the MAC and additional usermode services that help phones identify to the network using, in most cases, its SIM.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact