Another case where NetworkManager pissed me off. A couple of years ago they broke all third-party MAC changers in favor of their built-in solution, but the built-in solution required the bleeding edge head version of wpa_supplicant that no vendor shipped, leaving the entire system nonfunctional. IIRC it still doesn't work on Ubuntu 16.
It’s worth noting that iOS has randomized MAC addresses in WiFi probes since iOS 8.[1] As far as I know your real MAC address is exposed upon connection. I’m curious to what extent other vendors have implemented this strategy.
Unfortunately the iOS support is a sham. I tested myself, and the rumors that iOS does not randomize MACs turn out to be true. Not only does it not simply change over time, it doesn't even change when you restart the device. I walked around for a week, and my MAC never changed.
Apparently, if it ever works at all, you have to run settings that nobody uses - including, iirc, not being connected to a cell tower. I used to spread the same FUD of "iOS does this!", but the truth is it's a lie.
I've used https://github.com/feross/SpoofMAC in the past, which is a simple Python tool for doing just this, cross-platform. Used it a lot in airports and can warmly recommend using it if you're usually dealing with multiple different OSes and don't want to remember how to do it for each.
Looks cool. I wish there was something like this for iPhone/iPad - which is much more likely to be with me everywhere and leak my MAC...
side note/question: do I need to actively connect to a WIFI network for them to know my MAC or does it leak even when my phone scans for neighbouring SSIDs? EDIT: looks like MAC would leak even if I don't connect to any access point, but my Wifi is on... At least according to [0]
EDIT 2: looks like iPhone and Android use MAC randomization when scanning WIFI. (not sure after they connect though). But even this randomization can be defeated[1]?
Or to be more precise, those access points probably need a consistent mac, not your real one. So it would be nice if you could configure those networks to receive their own mac, but that stays the same over time. This is what the NetworkManager 1.4.1+ "stable" setting does.
I do not understand though. Whitelisting MAC addresses is something you can do, but 99.99% of the wifi spots out there don't have it enabled. Why should my phone leak my MAC address needlessly instead of just generating a new one every 5 minutes or so?
Hopefully just the process of watching all connections break and seeing the internet go away as the client reassociates with the AP each time they foolishly tumble their MAC on an _active_ connection will be enough to keep this scenario from ever playing out.
Note that your MAC address is only one part of the identifying information your computer gives to the DHCP server. For another approach check out DHCPcAnon:
MAC address randomization is in fact built in to NetworkManager (edit: 1.4), so none of this work is really necessary (edit: if you are on 1.4 or later).
NetworkManager also includes more advanced modes which make the MAC address stable for a given hotspot, but random between them.
Unless you're using Ubuntu 16.04 LTS, in which case you're stuck with NetworkManager 1.2.
From the post: "I learned that NetworkManager 1.4.1+ can do MAC address randomization right out the box. If you’re using Ubuntu 17.04 upwards, you can get most of the way with this config file."
Here is the code I use for my mac to randomize my mac address:
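    interface="en0"
    # 6 random bytes as aa:bb:cc:dd:ee:ff; the last sed expression forces the
    # second hex digit to 0, so the first octet is even (a unicast address)
    new_mac=$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/:$//; s/./0/2') # from stackoverflow
    sudo ifconfig "$interface" ether "$new_mac"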
Edit: What's the advantage of the solution in the post? If I just change my mac address every time I join a network (even the same one), they can't track me with my randomized mac addresses. So why would I prefer to keep a stable but randomized mac address for each network I connect to for a day?
Most of the time there are <100 devices connected to the wifis I'm connected to. I don't want to do the math now, but I expect that a collision is pretty unlikely.
If you mean that some cards have problems with handling those mac addresses, I would love to hear about that.
> I also used to randomize my local hostname
Great idea, missed that. I'll integrate that in the future.
Would be interested where that happens because I've never encountered something like this (binding the mac to the access) in public networks e.g. McDonald's, hotels and other shops. I did only get access codes which could be used for a specific time where I just changed my mac address.
I only know about mac whitelisting in protected networks managed by wary administrators.
In Canada, the ISP Shaw offers ShawOpen for subscribers. There are hotspots all over the place, access control by MAC address. So I would need to provide a consistent MAC address to that SSID.
Yes, tested and working for 10+ years now. Also works well if usage is capped/throttled after a certain amount and you wish to 'reset' the connection. Try not to abuse this on a shared network obviously, but if you have a legitimate need it's very simple.
> I only know about mac whitelisting in protected networks managed by wary administrators.
Wouldn't make any sense for properly securing a network. As an attacker you could just create an evil twin (same ESSID), let some students connect to it and just use their mac addresses (and even drop their connections when they try to use the university wifi).
Edit: You don't even necessarily need an evil twin to get their mac addresses. You only have to listen to the wifi traffic and get some - even encrypted data packets still contain the raw mac address as far as I know. airodump-ng is the perfect tool to do that.
I didn't say it made any sense :) This is how I was able to get my Playstation connected up in my dorm. I set my laptop's MAC to my Playstation's, then got my laptop authenticated using their tool, switched the MAC back, and the Playstation would connect up without issue.
The necessary infrastructure exists in wpa_supplicant, but only in a newer version than is distributed with Ubuntu 16.04. OpenBSD is more integrated, so advanced functionality like this tends to be easily accessed through ifconfig.
If anyone here's involved developing NetworkManager, it would be brilliant to see a 'stable-for-n-days' type setting. This would prevent a WiFi network tracking you over time, as well as between networks.
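The "stable-for-n-days" idea above, sketched as an added example (not NetworkManager's code or algorithm, and not from the linked post): the address is derived from a per-device secret, the SSID and a day bucket, so it stays fixed for one network within a period and is unlinkable across networks and periods. The function names, the secret and the SSIDs are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date


def stable_mac(secret: bytes, ssid: str, day: date, period_days: int = 1) -> str:
    """Derive a MAC that is stable per SSID for period_days, then rotates."""
    # Every day inside one period_days window maps to the same bucket number.
    bucket = day.toordinal() // period_days
    msg = f"{ssid}\x00{bucket}".encode()
    # HMAC keeps the mapping unpredictable to anyone without the device secret.
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    octets = bytearray(digest[:6])
    # First octet: set bit 1 (locally administered), clear bit 0 (multicast),
    # so the result never collides with a vendor-assigned address.
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


def describe(mac: str) -> dict:
    """Report the two flag bits carried in the first octet of a MAC."""
    first = int(mac.split(":")[0], 16)
    return {
        "locally_administered": bool(first & 0x02),
        "multicast": bool(first & 0x01),
    }


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample, keep the real one private
    for ssid in ("CoffeeShop", "Airport"):  # constructed SSIDs
        for day in (date(2017, 1, 2), date(2017, 1, 3), date(2017, 1, 9)):
            mac = stable_mac(secret, ssid, day, period_days=7)
            print(ssid, day.isoformat(), mac, describe(mac))
```
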
Btw. if you want to use a random mac address just for one specific network you can simply add the following to the [wifi] section of the config file for that network (/etc/NetworkManager/system-connections/):
    cloned-mac-address=random
That way every time you connect to that network you will have a new, valid mac address.
I look forward to it when Ubuntu LTS includes a more recent NetworkManager :)
“I learned that NetworkManager 1.4.1+ can do MAC address randomization right out the box. If you’re using Ubuntu 17.04 upwards, you can get most of the way with this config file.”
This seems like a good idea until you realize that you are the only one using a random mac address. (There is a vendor prefix at the beginning of every mac) Better would be to take a bit more care in choosing a more realistic address.
I think it's not a good idea to change your mac address as your only precaution against tracking. The DNS requests you'll make will reveal which sites you frequent.
I would advise to use a VPN connection. In this case it doesn't matter that you've randomized your mac address in a way which can be clearly identified as random. And even then you can see the VPN server IP in the logs so you should also take precautions and buy your VPN connection anonymously (and even then - you'll never know if you're really anonymous).
Changing your mac address seems to be sufficient (in addition to the VPN usage) to prevent easy tracking through something unique like your real mac address. But I agree that this is just 1-3 lines of code for realistic mac address generation so it should be unproblematic to add.
Edit: If you have fears of being uncovered by random-looking mac addresses without vendor prefixes, changing your mac address will probably not help you. Your threat model is different - maybe APT-level - and you have to do way more than changing your mac address.
Your adversary probably isn’t the NSA, it’s commercial tracking services. Their business is tracking the general public, they don’t care about one weird person.
Unless avoiding this becomes common practice and then the whole story changes.
> Unless avoiding this becomes common practice and then the whole story changes
If that means that everyone starts to use random mac addresses, you still can't identify specific persons based on their randomized mac addresses when they change them every time they reconnect.
You can spoof DNS requests of a victim when you are in the same network as them (the router knows which sites you visit through those DNS requests anyway). It doesn't matter which DNS server the victim uses. As long as they don't use encrypted DNS they expose the websites they visit.
Takes 5 minutes to configure your OpenWRT router to log all DNS requests: https://superuser.com/questions/632898/how-to-log-all-dns-re...
Or if you are an attacker without control over that router: search for dns spoofing. I did this several times to demonstrate to companies that their public networks can be hijacked.
Be aware that this technique could be illegal or appear suspicious in some jurisdictions. MAC address randomization was mentioned in Aaron Swartz's indictment for wire fraud.
Changing your MAC address, or wearing a fake beard, are both fine.
Changing your MAC address to trick a Wi-Fi hotspot which gives out one hour free per device per day, or using a fake beard to trick a shop keeper into letting you get "one free bagel per person" twice, is a crime.
It's not illegal, it can be detected and then used against you in an indictment. It's like saying you dislike someone, they go missing, and the prosecutor mentions what you said.
And then what? You're under further suspicion? If you're innocent, that shouldn't be your concern. But all you gotta do is STFU. Don't talk to the police either way.
What you said shouldn't be enough proof except in a banana republic.
If you were always spoofing your MAC address however, then you can use that as your defense.
Your argument is akin to it being suspicious that you use Tor. As if that means your computer should be seized because you might have WMDs. Tor usage might make you suspicious only if other credible factors exist.
Yes and even if you changed your MAC every day, your neighbors probably wouldn’t. So Google can still see the three routers around you, look up the GPS those routers have been seen concurrently with, and know where you are.
Not sure if I'm missing the point here... if I were using Google Location services, wouldn't that mean I was giving Google my location directly? Why would they need to use my MAC address?
Theoretically you don't need to be using Google location services. You just need a phone with a Google app that has permissions to discover nearby wifi hotspots.
Will these new randomized MACs also be lookupable [1] to find the model? If I'm the feds running honeypot wifi and I see a different Dell Chromebook doing things interesting to me every day, this isn't a good cover.
No, because they use the 'locally administered' prefix [1]. This is deliberate in order not to collide with real existing MAC addresses. (The original version of the post used real, Intel MAC prefixes [2] and you can look in the gist revision for that code if you prefer.)
BTW if it's really the feds you're worried about, this article probably isn't for you.
Not necessarily. However, if you're the only random MAC user on a network, it can be trackable.
Depending on implementation the MAC will have a specific bit set to indicate it is user supplied and not necessarily universally unique but I'm not sure if NM does that.
Where would MAC address capture occur on the network? MACs are local to L2 traffic, so once a frame turns into a packet and is routed, the sMAC of your PC is no longer present in the data. If you're on your home network, this has no impact whatsoever.
Actually, this is no longer true. An autoconfigured IPv6 address can leak your MAC address, depending on your settings, as one mechanism for autoconfiguration embeds your MAC address right into your IPv6 address.
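To check whether one of your own IPv6 addresses carries the hardware address as described above, here is an added example (not from any poster) of the modified EUI-64 mapping from RFC 4291 in both directions. The function names are assumptions, and the prefix and addresses are constructed documentation values.

```python
import ipaddress
from typing import Optional


def slaac_address(prefix: str, mac: str) -> str:
    """Build the EUI-64 style address a host forms from a /64 prefix and MAC."""
    m = bytearray(int(x, 16) for x in mac.split(":"))
    m[0] ^= 0x02  # modified EUI-64 inverts the universal/local bit
    iid = bytes(m[:3]) + b"\xff\xfe" + bytes(m[3:])
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def mac_from_slaac(addr: str) -> Optional[str]:
    """Return the MAC embedded in an EUI-64 style address, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    # The ff:fe filler in the middle of the interface ID marks an EUI-64
    # derived address. A random interface ID matches by chance about once
    # in 65536, so treat a hit as a strong hint rather than proof.
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytearray(iid[:3] + iid[5:])
    m[0] ^= 0x02  # undo the universal/local bit inversion
    return ":".join(f"{b:02x}" for b in m)


if __name__ == "__main__":
    # Constructed samples: documentation prefix, made-up MAC and random IID.
    leaky = slaac_address("2001:db8::/64", "00:11:22:33:44:55")
    print(leaky, "->", mac_from_slaac(leaky))
    private = "2001:db8::1c2d:3e4f:5a6b:7c8d"
    print(private, "->", mac_from_slaac(private))
```

Addresses generated with privacy extensions or stable opaque interface IDs return `None` here, which is the result you want to see on your own interfaces.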
I have Fibre to the Home at 1Gb/sec, but so far, they do not support IPv6. That's something interesting for me to look into though, so thank you. I was providing ADS-B flight data to a website, and then I realized that they were posting my MAC, my NAT'd IP, and my GPS location to the world. That L7 will get ya every time.
Are there any lawyers here that can speak about the legal side of this? I could imagine a wifi provider that offers 30 minutes free wifi e.g. airports, has this covered in their terms and conditions or a country that could consider this as fraudulent?
iPhones and Android phones have done this for a while already. If you read the article you'll notice that the MAC stays the same for a SSID for a working day. This makes sure it doesn't break networking and as a side effect captcha portal limits still work.
This seems like it should be a default indeed. It does make it harder to assign fixed addresses to your devices in your home network. At least openwrt only seems to have static DHCP leases based on MAC and not on the advertised DHCP name. For most devices this doesn't matter as it does add a DNS entry with whatever IP it assigned. But when you then want to add a firewall rule to port forward something to a device a fixed IP is much nicer.
What makes it easier is having fixed goals in mind, because I am seeing a lot of people in this thread arguing because they're all solving different problems which is obviously going to mean different solutions.
If your only concern is passive tracking, then a randomized MAC being used for SSID probes (because whitelist-only hidden SSIDs are rare enough that those people can manually connect) will be sufficient.
If you're looking to keep an open Wifi provider from tracking you over the course of days, then using a different MAC for each connect is going to be sufficient.
If you're looking to avoid tracking by people doing traffic analysis to correlate by behaviour no amount of MAC trickery will help you.
If one is looking to avoid having to pay for overstaying their visit at a coffee house or similar capture portal, maybe what needs to be changed is one's sense of ethics, and changing a MAC won't help with that.
So, you can say "it should be a default" all you like, but everyone's going to have a different idea of what the default is for and they're going to throw a fit about it not being "the right default". Better to be conservative like Android and avoid inciting the newbs.
Your different problems with different solutions have at least a part that everyone agrees on like iOS doing it for probes. We can definitely argue what the right default is but will probably agree that no randomization at all is not a good one and move to at least some. Ubuntu currently does none.
That would probably make a lot of sense. Can the network manager setting also be changed per network? It would be nice to do this with the normal config in the future.
Yes, in network manager 1.4.1+ (ubuntu 17.04+) you can set each network to `random` or `stable` as well as a global default for new networks. This config file updates the global default (but I can't use it yet!): https://gist.github.com/paulfurley/978d4e2e0cceb41d67d017a66...
Realtek and Ubuntu - I have spent four years trying to get my wifi to work. Being tracked would be a bonus, the built in wifi on my Lenovo laptop is deaf to the world and will never get as far as MAC spoofing.