Kicksecure ™

Download

On Computer USB Installation Debian morph to Kicksecure Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

MAC Address Spoofing and Tracking Threats

Introduction[edit]

All network cards, both wired and wireless, have a unique identifier called a MAC address. ^[1] MAC addresses are stored in hardware and are used to assign an address to computers on the local network.

The MAC address is normally not traceable because it is not passively sent to computers beyond the local router. ^[2] However, other computers on the local network can potentially log it, which would then provide proof the user's computer connected to that specific network. If users intend to use an untrusted, public network then MAC spoofing should be considered. ^[3]

MAC Spoofing Warning[edit]

Auto-connect Risk[edit]

Apart from the difficulty in creating an appropriate MAC address for spoofing purposes, there are also technical hurdles to overcome in the form of preventing automatic network connections.

It is futile to prepare a spoofed MAC address if the computer instantly connects to the public network after booting, disclosing the user's real MAC address in the process:

• Kicksecure as a host: Kicksecure automatically connects to the internet after start.
• USB Wi-FI Device: Automatic connections might also occur, depending on the configuration.

Burner Wi-Fi USB Sticks[edit]

One immediate workaround for the Wi-Fi card profiling threat is to buy new "burner" Wi-Fi USB sticks from different manufacturers. Take care to disable the computer's native Wi-Fi functionality in the BIOS settings if pursuing this option -- the computer's characteristics will have likely been logged if it was ever used from an untrusted hotspot. Burner devices should only be enabled for connectivity at the intended public destination. If this advice is ignored and burner devices are used for network connections at locations tied to or regularly visited by the user, this will defy the original purpose. A different burner stick should be used for each new location to avoid geographical profiling / tracking.

Random MAC Addresses[edit]

The problem with using a random MAC address is that the chosen vendor ID may be non-existent. Even if it exists, it is possible to end up with a vendor ID which has either never been used or not for decades. When spoofing MAC addresses, it is critical to use a popular vendor ID. The initial, second part of the MAC address can safely be random or unique. ^[5]

Research on this issue is still ongoing. At present, Kicksecure cannot provide detailed instructions on how to create appropriate MAC addresses fulfilling the criteria above.

Other Location Tracking Risks[edit]

Authentication Fingerprinting Techniques[edit]

An authentication technique can fingerprint devices by observing inter-packet timings on a LAN's wire-segment; one side effect is that user devices can be tracked. The timing effects are the result of how various components in a machine create packets. ^[6] Fortunately, this technique cannot be used to identify devices across the Internet. ^[7]

This technique can be defeated by inducing random delays in a machine's packet stream. Since there is no problem with impersonating other devices on the LAN, it does not matter that such an authentication system will view these machines as "unknown". ^[8] Note also that spectrum analyzers have been used to fingerprint the unique electromagnetic (EM) characteristics of a Wi-Fi card. The disposable USB Wi-Fi workaround described further above would mitigate this attack. ^[9]

MAC Spoofing on Different Networks[edit]

Home Connections[edit]

Connectivity Risk[edit]

If the user's home network has a cable modem internet connection, the ISP either provides the cable modem device as part of the service or requires pre-registration of the MAC address of the self-provided cable modem in order to setup the service.

If a user manages to hack or change the MAC address of the modem, the service would immediately cease functioning because the IP address assignment is apportioned for, and bound to, that specific MAC address. As a result, when connecting from behind a cable modem/NAT router, MAC address spoofing of the computer's ethernet adapter may be pointless. If a user is traced, the trackable endpoint will be the MAC address of the cable modem device.

Public Computers[edit]

The MAC address should not be changed in this scenario, otherwise it may bring undesired administrator attention to the service/user and/or simply prevent access to the Internet.

Changing MAC Addresses[edit]

Kicksecure[edit]

TODO: please help to test and improve these instructions.

Qubes Hosts[edit]

Qubes users can manually change MAC addresses in the NetVM by following either the Network Manager or macchanger guides. MAC Address Randomization capability for Wi-Fi has been implemented.

network: enable MAC randomization for wifi connections by default was implemented.

This is currently applied by Debian and Fedora templates only.https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-1221605861

ethernet mac randomization by default, which was denied.https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-1300587911

Consequently, users wanting ethernet mac randomization will need to modify their templates manually, and in all new downloaded templates after OEL deprecation,https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-1300587911

Refer to the following Qubes documentation and related support items for further information and advice:

• Qubes documentation: Anonymizing your MAC Address
• Qubes-Users forum: Instructions for Installing Macchanger Needed
• Explore local network privacy solutions beyond MAC address randomization

Sources[edit]

See footnote. ^[10]

References[edit]

License[edit]

Kicksecure MAC Address wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Kicksecure MAC Address wiki page Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP <adrelanos(at)kicksecure.com (Replace (at) with @.)Please DO NOT use e-mail for one of the following reasons: Private Contact: Please avoid e-mail whenever possible. (Private Communications Policy) User Support Questions: No. (See Support.) Leaks Submissions: No. (No Leaks Policy) Sponsored posts: No. Paid links: No. SEO reviews: No. >

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!