Editing MAC address (section)

===Tracking===
====Randomization====
According to [[Edward Snowden]], the US [[National Security Agency]] has a system that tracks the movements of mobile devices in a city by monitoring MAC addresses.<ref>{{cite magazine | url=https://www.wired.com/2014/08/edward-snowden/ | title=The Most Wanted Man in the World | magazine=Wired | access-date=2014-12-01 | author=Bamford, James | page = 4| date=2014-08-13 }}</ref> To avert this practice, [[Apple Inc.|Apple]] started using random MAC addresses in [[iOS]] devices while scanning for networks.<ref name="apple2014"/> Other vendors quickly followed suit. MAC address randomization during scanning was added in Android starting from version 6.0,<ref name="android6"/> in Windows 10,<ref>{{cite web|url=https://channel9.msdn.com/Events/WinHEC/2015/WHT201|title=Wireless networking in Windows 10|author=Winkey Wang}}</ref> and in Linux 3.18.<ref>{{cite web |author=Emmanuel Grumbach | title=iwlwifi: mvm: support random MAC address for scanning | work=Linux commit effd05ac479b|url=https://github.com/torvalds/linux/commit/effd05ac479b80641835f9126bbe93146686c2b8|access-date=2018-08-22}}</ref> The actual implementations of the MAC address randomization technique vary largely in different devices.<ref name=matte-hal2017>{{cite thesis|title=Wi-Fi Tracking: Fingerprinting Attacks and Counter-Measures | author=Célestin Matte|url=https://hal.archives-ouvertes.fr/tel-01659783/|access-date=2018-08-22|work=2017| date=December 2017| publisher=Université de Lyon| type=Theses}}</ref> Moreover, various flaws and shortcomings in these implementations may allow an attacker to track a device even if its MAC address is changed, for instance its probe requests' other elements,<ref>{{cite book |last1=Vanhoef |first1=Mathy |last2=Matte |first2=Célestin |last3=Cunche |first3=Mathieu |last4=Cardoso |first4=Leonardo |last5=Piessens |first5=Frank |title=Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security |chapter=Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms |date=10 June 2016 |pages=413–424 |doi=10.1145/2897845.2897883 |isbn=978-1-4503-4233-9 |chapter-url=https://hal.inria.fr/hal-01282900 |s2cid=12706713|access-date=3 May 2022}}</ref><ref>{{cite web|author=Martin Jeremy and Mayberry Travis and Donahue Collin and Foppe Lucas and Brown Lamont and Riggins Chadwick and Rye Erik C and Brown Dane|title=A study of MAC address randomization in mobile devices and when it fails|work=2017|url=https://www.degruyter.com/downloadpdf/j/popets.2017.2017.issue-4/popets-2017-0054/popets-2017-0054.pdf|access-date=2018-08-22|archive-date=2018-08-22|archive-url=https://web.archive.org/web/20180822145628/https://www.degruyter.com/downloadpdf/j/popets.2017.2017.issue-4/popets-2017-0054/popets-2017-0054.pdf|url-status=dead}}</ref> or their timing.<ref>{{cite book|author=Matte Célestin and Cunche Mathieu and Rousseau Franck and Vanhoef Mathy|title=Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks|chapter=Defeating MAC address randomization through timing attacks|chapter-url=https://hal.inria.fr/hal-01330476|access-date=2018-08-22|date=2016-07-18|pages=15–20|doi=10.1145/2939918.2939930|isbn=9781450342704|s2cid=2625583|url=https://lirias.kuleuven.be/handle/123456789/547642}}</ref><ref name=matte-hal2017 /> If random MAC addresses are not used, researchers have confirmed that it is possible to link a real identity to a particular wireless MAC address.<ref name="cunche-grehack2013">{{cite journal |last1=Cunche |first1=Mathieu |title=I know your MAC Address: Targeted tracking of individual using Wi-Fi |url=https://hal.inria.fr/hal-00858324 |url-status=live |archive-url=http://web.archive.org/web/20160304000000/https://hal.inria.fr/hal-00858324 |archive-date=2016-03-04 |access-date=19 December 2014 |journal= Journal of Computer Virology and Hacking Techniques|date=2014 |volume=10 |issue=4 |pages=219–227 |doi=10.1007/s11416-013-0196-1 }} [https://scholar.archive.org/work/dbtya26ivjeq5fa2fadrmrptca Alt URL]</ref>

Randomized MAC addresses can be identified by the "locally administered" bit described above.<ref>{{cite web |last1=Nayak |first1=Seema |title=Randomized and Changing MAC (RCM) |url=https://blogs.cisco.com/networking/randomized-and-changing-mac-rcm |website=Cisco Blogs |date=14 March 2022 |quote=To improve end-user privacy, various operating system vendors (Apple iOS 14, Android 10 and Windows 10) are enabling the use of the locally administered mac address (LAA), also referred to as the random mac address for WIFI operation. When wireless endpoint is associated with random mac address, the MAC address of the endpoint changes over time.}}</ref>

====Other information leakage====
Using [[wireless access point]]s in [[SSID]]-hidden mode ([[network cloaking]]), a mobile wireless device may not only disclose its own MAC address when traveling, but even the MAC addresses associated to SSIDs the device has already connected to, if they are configured to send these as part of probe request packets. Alternative modes to prevent this include configuring access points to be either in beacon-broadcasting mode or probe-response with SSID mode. In these modes, probe requests may be unnecessary or sent in broadcast mode without disclosing the identity of previously known networks.<ref name="Hidden network no beacons">{{cite web|title=Hidden network no beacons|url=https://security.stackexchange.com/questions/61576/hidden-network-no-beacons|access-date=16 October 2016|website=security.stackexchange.com}}</ref>