Explore local network privacy solutions beyond MAC address randomization #2361

Open
andrewdavidwong opened this Issue Oct 4, 2016 · 4 comments


andrewdavidwong commented Oct 4, 2016

In our issue on MAC randomization (#938), @adrelanos shared a recent research paper by Vanhoef et al., "Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms."

@tasket then recommended that a new issue be created for the problem raised by this research.

Abstract:

We present several novel techniques to track (unassociated)
mobile devices by abusing features of the Wi-Fi standard. This shows
that using random MAC addresses, on its own, does not guarantee privacy.
First, we show that information elements in probe requests can be used
to fingerprint devices. We then combine these fingerprints with
incremental sequence numbers, to create a tracking algorithm that does
not rely on unique identifiers such as MAC addresses. Based on
real-world datasets, we demonstrate that our algorithm can correctly
track as much as 50% of devices for at least 20 minutes. We also show
that commodity Wi-Fi devices use predictable scrambler seeds. These can
be used to improve the performance of our tracking algorithm. Finally,
we present two attacks that reveal the real MAC address of a device,
even if MAC address randomization is used. In the first one, we create
fake hotspots to induce clients to connect using their real MAC address.
The second technique relies on the new 802.11u standard, commonly
referred to as Hotspot 2.0, where we show that Linux and Windows send
Access Network Query Protocol (ANQP) requests using their real MAC address.

@andrewdavidwong andrewdavidwong added this to the Far in the future milestone Oct 4, 2016

@mfc mfc changed the title from Explore privacy solutions beyond MAC address randomization to Explore local network privacy solutions beyond MAC address randomization Oct 5, 2016

mfc commented Oct 5, 2016

Scoped this to focus on local network, since "privacy solutions" include many things (browser fingerprinting, etc.).

tasket commented Oct 5, 2016

Yeah, local network = LAN/WLAN

desmond-decker commented Oct 7, 2016

I think adding the MAC randomization scripts into the Net-VM by default would be good in the short term. There are plenty of less exotic scenarios where it would provide additional anonymity.

tasket commented Oct 7, 2016

@desmond-decker: Probably NetworkManager will be supplying MAC randomization, since they have been working on it for months and now their 1.4.2 release can handle it as just another feature of running the NICs. The scripted approach was always rather spotty and the hardware address would keep returning with some NICs.

If you would like to have randomization working correctly now, I'd suggest reading this:
https://groups.google.com/d/msgid/qubes-users/0300e698-0120-e9bb-65d4-b4bd0a3d54f1%40openmailbox.org
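One way to check for the failure mode mentioned in the last comment (the hardware address returning on some NICs), as an added example that is not part of the original thread or of the Qubes or NetworkManager code: it reads the Linux sysfs attributes `type`, `address` and `addr_assign_type` for each interface. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

SYSFS_NET = "/sys/class/net"
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
# addr_assign_type values from the kernel's sysfs-class-net ABI documentation
ASSIGN = {"0": "permanent", "1": "random", "2": "stolen", "3": "set"}

def _read(*parts):
    try:
        with open(os.path.join(*parts)) as fh:
            return fh.read().strip()
    except OSError:
        return None

def verdict(address, assign_type):
    """Classify one interface from its sysfs 'address' and 'addr_assign_type'."""
    if not MAC_RE.fullmatch(address or "") or assign_type not in ASSIGN:
        return "unknown"
    if ASSIGN[assign_type] == "permanent":
        return "EXPOSED: hardware address in use"
    if int(address[:2], 16) & 0x02:  # locally administered bit is set
        return "ok: locally administered address"
    return "changed, but looks vendor-assigned"

def audit(root=SYSFS_NET):
    """Return {interface: verdict} for every Ethernet-type device under root."""
    # type 1 = ARPHRD_ETHER (Ethernet and Wi-Fi); loopback and others are skipped
    names = [n for n in sorted(os.listdir(root)) if _read(root, n, "type") == "1"]
    return {n: verdict(_read(root, n, "address"), _read(root, n, "addr_assign_type"))
            for n in names}

def build_sample_tree():
    """Constructed sysfs-like tree for offline runs; every value is made up."""
    root = tempfile.mkdtemp()
    sample = {"lo": ("772", "00:00:00:00:00:00", "0"),
              "wlan0": ("1", "da:a1:19:3c:5e:07", "3"),
              "eth0": ("1", "00:11:22:33:44:55", "0"),
              "eth1": ("1", "00:11:22:aa:bb:cc", "3")}
    for name, values in sample.items():
        os.makedirs(os.path.join(root, name))
        for fname, value in zip(("type", "address", "addr_assign_type"), values):
            with open(os.path.join(root, name, fname), "w") as fh:
                fh.write(value + "\n")
    return root

if __name__ == "__main__":
    print(audit(SYSFS_NET if os.path.isdir(SYSFS_NET) else build_sample_tree()))
```

An `addr_assign_type` of 3 only says that userspace set the address; it does not prove the address differs from the permanent one, which `ethtool -P <interface>` reports. Run the check again after suspend/resume and after reconnecting, since those are the points where a reverted address would show up.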
