Carlos Jesus Bernardos
Professor of the Department of Telematics Engineering, Carlos III University of Madrid, Carlos III University
Do you feel like the apps you use know where you are? If you weren’t even connected to Wi-Fi when you went to the store a few hours ago, how is it possible for you to receive ads for a certain brand of coffee?
We live in a highly connected society. Every day we have more devices connected and we spend more time connecting to more different places. it is considered persistent silent threats, Without being aware, we leave traces of what we do, when and where we do it.
The issue of privacy and security on the Internet is more relevant today than ever. There are several dimensions: The confidentiality of the information, the authenticity of the same and that of the interlocutors.
This article focuses on one aspect: how to make crawling more difficult.
MAC Addresses and Wi-Fi Networks
Devices use MAC addresses to connect to Wi-Fi networks. medium access control) These serve to identify the device on the network when sending or receiving data. For this reason, MAC addresses must be unique across the network.
Each device comes with a factory-set MAC address. These addresses are globally unique, so no two devices in the world share the same address.
This is a problem, as we will see below.
In Wi-Fi networks, devices use MAC addresses each time they send or receive information. By using the same address each time, network operators or other observers on the network can monitor when a particular device is connected to the network. Furthermore, in many cases It is very easy to associate the MAC address used by a device with the actual identity of the user. For example, when we first connect to a network, we provide information to gain access.
A device is vulnerable to being tracked even without being connected to the network. Wi-Fi is required in many cases, that devices have to send certain messages, for example to find out which networks are available. These messages include MAC addresses, so they can be used to reveal the identities of terminals, even if they are connected to the network.
In some cases, a device may actively ask for networks it has recently connected to, including the names of those networks in the messages it sends. This allows a potential attacker to find out which networks the device has visited recently.Obtaining very sensitive information.
random and private addresses
To avoid these serious privacy issues, major operating systems have started using random MAC addresses (called private addresses in the case of Apple devices). To make tracking more difficult, devices generate a random MAC address instead of a factory-set one. This address should only be unique on the network the device is on.
If the device uses a different random address for each network it is connected to, the observer will not be able to conclude that it is the same device. Also, devices use different random MAC addresses each time you send information without being connected to a network. This makes it difficult to track down users who are not even connected to the network.
recently Android and iOS mobile devices have started using random MAC addresses by default, It may be necessary to disable this behavior in some specific scenarios or networks. An example is in networks that use authorized MAC address lists.
The future: random addresses and privacy
The impact of the use of random MAC addresses on the applications we use and the networks we connect to is currently being investigated. There are scenarios where the network needs to identify a device anonymously, even if it uses a random address. This is the goal of the IETF MADINAS working group (Internet Engineering Task Force), the main body for the standardization of Internet Protocol.
It is important to study how to combine the use of random addresses Along with other mechanisms designed to increase privacy. In the future, devices will be able to be adapted to the context and specific needs of each user. Just as we don’t walk barefoot on the street and we can do it at home, our devices must learn how and when to implement certain solutions to protect our privacy.
Have you read this article from a mobile device connected to a Wi-Fi network? You may have revealed more information than you think.
This article has been published in Conversation,
Sign up for our newsletter and receive the latest tech news in your email.