Tuesday

MAC Address Spoofing Explained


The device you are reading this on has a network interface controller (NIC), the component that connects it to a network such as your LAN and, through it, the internet. Every device capable of networking (smartphones, laptops, routers) has at least one. Each NIC ships with a hard-coded MAC address, written into the hardware or its firmware by the manufacturer, that is meant to be globally unique and cannot be rewritten.

However, almost every popular platform, Windows, OS X and Linux (and hence Android) included, supports changing the MAC address, and it is easy to do. The address burned into the NIC can't be changed, but that doesn't stop us from making other devices believe our MAC address is something different: whatever leaves our device is under our control. Every Ethernet or Wi-Fi frame we send starts with a link-layer header that carries our device's MAC address as the source (the IP addresses live one layer up, in the IP header inside the frame, along with a bunch of other information).

So our operating systems let us tell the NIC to ignore its built-in address and use a custom one instead, which can be almost anything we want. It must be a unicast address, and it should be a locally administered one, so it cannot clash with a real manufacturer-assigned address. This is called MAC spoofing.

What is MAC spoofing used for?

MAC spoofing is awesome. We're interested in it because it lets us make other devices think that we are someone else. For a hacker, this opens up a variety of attack vectors:

It allows us to perform man-in-the-middle attacks

It can help us hack Wi-Fi networks (for example, by getting past access points that only admit a whitelist of MAC addresses)

It lets us directly target devices connected to our Local Area Network (LAN)

If you've been banned from using a public Wi-Fi hotspot (such bans are usually keyed on your MAC address), MAC spoofing lets you show up to the router as some other device.

There are completely legitimate (read: white hat) reasons for MAC spoofing as well:

Setting up numerous virtual machines in a corporate environment, each with a randomly assigned MAC address so that none of them collide on the network.

Improving anonymity: an untrusted local network can track you by your MAC address across visits. If your MAC address keeps changing (which is why modern phones and laptops randomize it per network), it can't.
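Putting the how-to from above and the randomized-address use cases into code: the following is an example added to this post, not the author's code. It generates a random locally administered unicast MAC address and assembles the Linux iproute2 commands that apply it to an interface. The interface names (wlan0, eth0) and the use of `ip link` are assumptions for a Linux host; on macOS the equivalent is `sudo ifconfig en0 ether <mac>`.

```python
import random
import re
import subprocess

# Example code added for this post, not from the original article.
# Interface names and the iproute2 command line are assumptions for a Linux host.

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def parse_mac(mac: str) -> bytes:
    """'AA-BB-CC-DD-EE-FF' or 'aa:bb:cc:dd:ee:ff' -> 6 raw bytes; ValueError if malformed."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(octet, 16) for octet in mac.split(":"))


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_unicast(mac: str) -> bool:
    """Bit 0 of the first octet is the I/G bit: 0 = individual (unicast), 1 = group."""
    return parse_mac(mac)[0] & 0x01 == 0


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet is the U/L bit: 1 = locally administered,
    0 = universally administered (the first three octets are then a vendor OUI)."""
    return parse_mac(mac)[0] & 0x02 != 0


def random_local_mac(rng=None) -> str:
    """A fresh random address with U/L set and I/G cleared: a valid unicast address
    that cannot collide with any manufacturer-assigned one."""
    rng = rng or random.SystemRandom()
    raw = bytearray(rng.getrandbits(8) for _ in range(6))
    raw[0] = (raw[0] | 0x02) & 0xFE
    return format_mac(bytes(raw))


def spoof_commands(iface: str, mac: str) -> list:
    """argv lists that change the address on Linux with iproute2. The link is taken
    down first because several drivers refuse to change the address while it is up."""
    mac = format_mac(parse_mac(mac))
    if not is_unicast(mac):
        raise ValueError("an interface cannot use a multicast address as its own")
    return [
        ["ip", "link", "set", "dev", iface, "down"],
        ["ip", "link", "set", "dev", iface, "address", mac],
        ["ip", "link", "set", "dev", iface, "up"],
    ]


def apply_mac(iface: str, mac: str, dry_run: bool = True) -> list:
    """Return the command lines and, unless dry_run, execute them (needs root)."""
    lines = []
    for argv in spoof_commands(iface, mac):
        lines.append(" ".join(argv))
        if not dry_run:
            subprocess.run(argv, check=True)
    return lines


if __name__ == "__main__":
    new_mac = random_local_mac()
    print("generated", new_mac, "locally administered:", is_locally_administered(new_mac))
    for line in apply_mac("wlan0", new_mac):  # dry run: shows the commands, changes nothing
        print(line)
```

Afterwards, `ip link show wlan0` reports the spoofed address while `ethtool -P wlan0` still reports the permanent one, which is how you confirm the change took effect on the OS side only. If NetworkManager manages the interface it may restore the original address when the connection reactivates; in that case set `wifi.cloned-mac-address` (or `ethernet.cloned-mac-address`) on the connection profile instead of calling `ip link` by hand.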

Consider an example. Say you're on Wi-Fi and your friend is connected to the same network. When you first connect to a Wi-Fi access point (the router), you exchange some information with it: you request a connection, supply the password, and if that succeeds the router accepts you onto the network. From then on the router knows who you are (your MAC address) and you know who the router is (its MAC address), and every frame the two of you exchange carries both.

Now, if you impersonate the router at the link layer, your friend's device can be made to believe it is talking to the router when in fact all of its traffic is passing through your device. In practice this is done with ARP spoofing: your friend's machine keeps a table mapping the router's IP address to a MAC address, and it updates that table from any ARP reply it hears, so you send it replies claiming that the router's IP is at your MAC. (Cloning the router's own MAC outright works less well, because the switch or access point then sees two stations with one address and traffic becomes erratic.) You then forward the frames on to the real router so that nothing looks broken. This is a man-in-the-middle attack, and it lets you snoop on unencrypted traffic (HTTP), redirect the user to other websites, or replace every image they see with photos of cats if you want to. Traffic protected by TLS (HTTPS) still flows through you, but you cannot read or alter it without triggering certificate warnings on your friend's machine.
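The impersonation just described, modelled in code. This is an example added to this post, not the author's code: it builds real ARP reply frames byte for byte but only feeds them to a simulated ARP cache, nothing is sent on a network, and every address in it is made up.

```python
import struct

# Example code added for this post (not the author's); all addresses are constructed.
ETH_P_ARP = 0x0806


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """An Ethernet frame carrying an ARP reply (opcode 2) that says 'sender_ip is at sender_mac'.
    Both the Ethernet source MAC and the ARP sender MAC are whatever we choose to put there."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # hw=Ethernet, proto=IPv4, hlen=6, plen=4, op=reply
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP variant")
    body = frame[22:42]
    return {
        "op": op,
        "sender_mac": fmt_mac(body[0:6]), "sender_ip": fmt_ip(body[6:10]),
        "target_mac": fmt_mac(body[10:16]), "target_ip": fmt_ip(body[16:20]),
    }


class ArpCache:
    """A minimal model of a host's ARP table. Like most real stacks, it overwrites an
    entry from any reply it receives without checking who sent it; that trust is what
    the attack exploits."""

    def __init__(self):
        self.table = {}

    def receive(self, frame: bytes) -> None:
        arp = parse_arp(frame)
        if arp["op"] == 2:
            self.table[arp["sender_ip"]] = arp["sender_mac"]

    def resolve(self, ip: str):
        return self.table.get(ip)


def poison_demo():
    """Return the MAC the friend's machine uses for the router before and after poisoning."""
    router_ip, router_mac = "192.168.1.1", "aa:bb:cc:00:00:01"     # constructed
    friend_ip, friend_mac = "192.168.1.20", "aa:bb:cc:00:00:20"    # constructed
    attacker_mac = "02:11:22:33:44:55"                             # constructed, locally administered

    friend = ArpCache()
    # 1. Normal operation: the router answers the friend's ARP request.
    friend.receive(build_arp_reply(router_mac, router_ip, friend_mac, friend_ip))
    before = friend.resolve(router_ip)
    # 2. The attacker sends an unsolicited reply claiming the router's IP is at its own MAC.
    friend.receive(build_arp_reply(attacker_mac, router_ip, friend_mac, friend_ip))
    after = friend.resolve(router_ip)
    return before, after


if __name__ == "__main__":
    before, after = poison_demo()
    print("router resolves to", before, "before and", after, "after the spoofed reply")
```

Two things the simulation leaves out matter in practice: the attacker has to forward the frames on to the real router (and poison the router's cache for the return direction) or the friend simply loses connectivity, and the attack is noisy. Static ARP entries, arpwatch, or Dynamic ARP Inspection on a managed switch catch it, and a packet capture shows a stream of unsolicited replies for the gateway's IP.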

Can a website detect your real MAC address?

No. MAC addresses only have meaning on the local network segment. Your router uses them to tell apart the devices connected to it, but when it forwards your packet toward the internet it discards the Ethernet header, your MAC included, and writes a new one addressed to the next hop. Only the IP header travels end to end, so the web server sees an IP address (for a home network, the router's public one), never your MAC. One caveat: an IPv6 address generated the old SLAAC way (EUI-64) embeds the interface's MAC in its lower 64 bits, which is why modern operating systems use randomized or privacy addresses instead.
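To make the "never leaves the segment" claim concrete, here is an added example, not from the original post, that builds a frame the way your device would send it, applies the header rewrite a router performs when forwarding it, and shows which fields survive the hop; it also checks the IPv6 EUI-64 caveat. All addresses in it are constructed.

```python
import ipaddress
import struct

# Example code added for this post (not the author's); all addresses are constructed.
ETH_P_IP = 0x0800


def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def fmt_mac(raw): return ":".join(f"{b:02x}" for b in raw)
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def fmt_ip(raw): return ".".join(str(b) for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Computed over a header that already contains its checksum, the result is 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(dst_mac, src_mac, src_ip, dst_ip, payload=b"") -> bytes:
    """Ethernet header + minimal IPv4 header (TTL 64, protocol TCP) + payload."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                                ip_bytes(src_ip), ip_bytes(dst_ip)))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_IP) + bytes(hdr) + payload


def parse_frame(frame: bytes) -> dict:
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    return {
        "dst_mac": fmt_mac(frame[0:6]), "src_mac": fmt_mac(frame[6:12]),
        "src_ip": fmt_ip(ip[12:16]), "dst_ip": fmt_ip(ip[16:20]),
        "ttl": ip[8], "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    }


def route_hop(frame: bytes, out_src_mac: str, next_hop_mac: str) -> bytes:
    """What a router does when forwarding: the Ethernet header is thrown away and a new
    one is written for the outgoing link; the IP header is kept, with TTL decremented and
    the checksum recomputed. (A home NAT router also rewrites the source IP; in neither
    case does the original MAC travel any further.)"""
    ip = bytearray(frame[14:])
    ihl = (ip[0] & 0x0F) * 4
    if ip[8] <= 1:
        raise ValueError("TTL expired")
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:ihl])))
    return mac_bytes(next_hop_mac) + mac_bytes(out_src_mac) + struct.pack("!H", ETH_P_IP) + bytes(ip)


def hop_demo():
    """The same packet as seen on the LAN and on the router's upstream link."""
    friend_mac, router_lan_mac = "aa:bb:cc:00:00:20", "aa:bb:cc:00:00:01"  # constructed
    router_wan_mac, isp_mac = "aa:bb:cc:00:00:02", "dd:ee:ff:00:00:99"     # constructed
    lan_frame = build_frame(router_lan_mac, friend_mac, "192.168.1.20", "203.0.113.10",
                            b"GET / HTTP/1.1\r\n")
    wan_frame = route_hop(lan_frame, router_wan_mac, isp_mac)
    return parse_frame(lan_frame), parse_frame(wan_frame)


def mac_from_eui64(addr: str):
    """The caveat: an IPv6 address whose interface identifier was derived with EUI-64
    carries the MAC inside it (ff:fe inserted in the middle, U/L bit flipped). Returns
    None for addresses without that pattern, such as privacy or random ones."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    return fmt_mac(bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8])


if __name__ == "__main__":
    on_lan, upstream = hop_demo()
    print("on the LAN:     ", on_lan)
    print("on the WAN link:", upstream)
    print("fe80::211:22ff:fe33:4455 ->", mac_from_eui64("fe80::211:22ff:fe33:4455"))
```

Running it shows the source MAC changing from the friend's address to the router's upstream address while the source IP stays put, which is exactly why a server can log your IP but never your MAC. The EUI-64 helper recovers 00:11:22:33:44:55 from fe80::211:22ff:fe33:4455 and returns None for an address such as 2001:db8::1, so you can run it against `ip -6 addr` output to check whether your own IPv6 addresses leak the hardware address.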
