Your smartphone, your laptop, your computer, your tablet, even your smart watch all carry a unique identity, and we are not just talking about their looks. Every device has a string of characters unique to them that helps identify them, used to identify them in a network environment. While this is awesome to know for knowing what devices are on your network or are malfunctioning, it also could be used more nefariously. Welcome back to #TechTuesday, where we are going to explain MAC Addresses, and how they are used for tracking.
Can You See Me Now?
Every physical networked device, whether wired or wireless, is given to the consumer with a unique MAC address. Designed to be unique to that device, this identity allows networks to identify the device when it connects. This identity is actually very useful in home networking, allowing you to easily assign a static IP address based on the MAC of the device you would like to receive that identity. The network will be able to decide if you have connected previously, and recall settings specific to that device. Of course, you can change the MAC of a device in the software of it, but seldom is this technique used.
This seems like no major issue, right? Identifying yourself on a network is a courtesy, plus it only does so on networks you're connected to. Well, not quite. The concern arises with the mobile devices we use, such as our smartphones, tablets, and laptops because of how Wi-Fi works.
Scanning For Signals
When you leave your home, do you turn off your Wi-Fi chip on your smartphone? Do you entirely turn off your laptop or tablet to save battery? If not, chances are these devices are automatically scanning for available Wi-Fi networks as you move around. These devices, while enabled, use a passive discovery system that listens for Wi-Fi access points nearby that are broadcasting connections, and an active discovery that will broadcast requests for an access point. While doing this, because of how this system is designed, your device will broadcast its MAC address as a part of the discovery request. So as you're wandering around with that Wi-Fi chip enabled on your smartphone, it is broadcasting your presence to any network that will listen.
So you might wonder how this is used to track you? Well, I will take London for an example. Recently, they have Wi-Fi enabled garbage cans all across the city, set up by advertisers, that offer free connections. These cans have Wi-Fi monitoring hardware in them, and are all networked together for consistency. If you happen to pass one of these cans with your Wi-Fi enabled, your phone will ping the can with its MAC address, and the can would make note of the address and the location. As you move through the city, this process would repeat, giving a general idea of where you have been moving. This same thing can be done in stores, giving an idea where in a store you might have wandered based on the sniffers logging your mac address and current relative location. This information could be used to track you down based on a wide area, or sold to advertisers to advertise directly based on your habits and frequent visits of a location.
So how do you get around this all, though? Well, there's not a solid solution right now just yet. At least, not on all devices. Apple did fix this with their newest iOS 8, which will randomize your device's MAC address each time it scans for nearby networks, making the address worthless for tracking. While this is a solid step in the right direction, we have yet to see other developers pick this habit up just yet, but only because it was not much of a known issue until it became so. Of course, if someone really wanted to track you, there are a variety of ways such as cell signal and GPS location. But every step we can take to protect ourselves and our privacy is a step in the right direction.