Random Computer Prototype Mac OS
MAC Randomization is not a new term in the network industry. It has existed for several years and involved randomizing client MAC addresses when sending Probe Requests to prevent location tracking of devices that are not associated with the network. During association, a device would have used its “real” hardware MAC address. This, however, is changing with the upcoming release of iOS 14 / WatchOS 7, Android 10+, and even a few recent versions of Windows 10. The new shift in the mobile device industry is to randomize MAC addresses not only during the network discovery phase, but also during the association phase. Let’s find out what these changes entail for enterprises and networking vendors.
Why MAC Randomization?
The intent of device manufacturers like Google and Apple is to “reduce a privacy risk” associated with the ability to track a device's network usage or location using its unique MAC address. This problem can certainly be looked at from different angles (a MAC address provides different tracking options from Google or Apple’s perspective than from that of a typical enterprise or even a home user).
The new MAC randomization algorithm applies to network connectivity and is now used for all communications.
How to Identify a Randomized MAC Address?
Fortunately, it is easy to identify randomized MAC addresses. A bit is set in the OUI portion of a MAC address to signify a randomized / locally administered address. The quick synopsis: look at the second character in a MAC address; if it is a 2, 6, A, or E, it is a randomized address. In the iOS screenshot above, we know Wi-Fi Address 92:B1:B8:42:D1:85 is a randomized address, because the second character is a 2.
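The second-character shortcut is the same test as "locally administered bit (0x02) set, group bit (0x01) clear" in the first octet. The Python below is an added example, not code from the original post; the function names are hypothetical and every address except 92:B1:B8:42:D1:85 is constructed for illustration.

```python
import re

SEPARATORS = re.compile(r"[:\-.]")

def parse_mac(text):
    """Return the 6 octets of a MAC written as aa:bb:.., aa-bb-.. or aabb.ccdd.eeff."""
    digits = SEPARATORS.sub("", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify_mac(text):
    """Classify by the two low-order bits of the first octet."""
    first = parse_mac(text)[0]
    if first & 0x01:
        return "group"      # multicast/broadcast, never a client's own address
    if first & 0x02:
        return "local"      # locally administered: randomized or manually set
    return "universal"      # vendor-assigned address with a registered OUI

def second_char_rule(text):
    """The shortcut from the text: second hex character is 2, 6, A or E."""
    return SEPARATORS.sub("", text.strip())[1].upper() in {"2", "6", "A", "E"}

def shortcut_agrees_with_bits():
    """Check the shortcut against the bit test for every possible first octet."""
    for octet in range(256):
        mac = f"{octet:02x}:00:00:00:00:01"
        if second_char_rule(mac) != (classify_mac(mac) == "local"):
            return False
    return True

if __name__ == "__main__":
    for sample in ("92:B1:B8:42:D1:85", "92b1.b842.d185",
                   "00-1A-2B-3C-4D-5E", "01:00:5e:00:00:fb"):
        print(sample, classify_mac(sample))
    print("shortcut matches bit test:", shortcut_agrees_with_bits())
```

A "local" result means the address is not vendor-assigned. Manually configured local addresses set the same bit, so treat it as a strong hint of randomization on Wi-Fi clients, not proof.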
How will the new MAC Randomization logic work?
There are a number of resources that will provide details on the MAC Randomization algorithm specifics, which you can find in the references. This blog will focus on practical elements of the randomization logic.
The following table provides a summary of how different mobile devices will implement MAC randomization logic by default. “By default” is the crucial piece here: unless these devices are managed by an enterprise, the default settings will likely persist, as no one is likely to change them.
OS | MAC Randomization Supported | Enabled by Default | Enabled per SSID / Hotspot2.0 profile | Randomise Daily |
---|---|---|---|---|
Windows 10 | Yes | No | Yes | Optional* |
iOS 14 / WatchOS 7 | Yes | Yes | Yes | No |
Android 10+ | Yes | Yes | Yes | Optional (Android 11 only) |
macOS | No (as of 9/20) | No | No | No |
Note: for any Android device that was upgraded to Android 10, existing saved Networks (SSIDs) will not have Private MAC enabled by default.
References
- Windows 10 – https://support.microsoft.com/en-us/help/4027925/windows-how-and-why-to-use-random-hardware-addresses
- iOS – https://support.apple.com/en-us/HT211227
- Android (10) – https://source.android.com/devices/tech/connect/wifi-mac-randomization
Which network services might be affected by this change?
Since the beginning of the network industry, every network infrastructure device has operated by treating the MAC address as the single L2 device identifier. Think broadly, starting from MAC tables on the switch, ARP tables on the router, the DHCP binding list on the DHCP server and so on. With the new changes, which elements would be affected?
- MAC Association Lists – This is something customers should have planned to stop using a long time ago. Enabling MAC randomization on a per-SSID level today will not directly affect MAC ACL functionality, unless a user enables daily MAC rotation in the device settings. Still, this is an item to consider in the future should random MAC rotation become the norm.
- Banned Client List – Many InfoSec systems today rely on client banning or quarantine functions that are typically tied to a MAC address of a client. To overcome a ban, a user could just forget and rejoin a network to get a new MAC address generated, thus overcoming any restrictions. Potential security issue.
- Guest Portals with MAC Registration – Most Guest Captive Portals leverage MAC-based registration to prevent frequent browser re-login and smooth the user experience by only requiring a “one time sign up”. If a user enables daily MAC randomization (currently available on Windows and Android 11, and turned off by default), that guest user would see a captive portal sign-up page on a daily basis. A potential long-term solution to this issue would be to move to Hotspot 2.0, which not only provides secure end-to-end communication for the user and automated network discovery, but also more granular user-based identification. This, however, goes against the original notion of “more privacy with random MAC enabled”.
- DHCP Servers – It is probably time to start using shorter DHCP lease timers, just to be safe whenever somebody decides to turn on periodic MAC rotation. DHCP lease time should not be higher than 24 hrs, and should preferably be lower.
- Wi-Fi Analytics and Troubleshooting – With the current default behavior we should not be too worried about randomized MAC addresses for analytics, unless a client is switching SSIDs frequently, in which case it will be more difficult to identify SSID hopping. However, should a user enable Daily MAC Address rotation, troubleshooting a client historically or looking at network analytics for a specific client would be much more challenging. It would require user-based device identity tracking and correlation techniques to combine multiple random MAC addresses into a single device connection experience history. Typically a MAC is used to identify a user when any connectivity problems are reported, so instead of a typical “can you tell me your MAC address, please?” you may hear “do you happen to know your MAC address at the time when the issue occurred?”
- Wi-Fi-based Location Tracking and Analytics – With the previous randomized MAC for Probe frames, it was already difficult to use Wi-Fi-based locationing for passive location analytics. Now, with the new randomized MAC address implementations, it might be even harder to track a device relying on Wi-Fi alone. This is yet another reason for BLE-based user engagement via a mobile app.
How can enterprises react to this change? Should they?
Overall, for any enterprise-managed mobile device fleet (iOS, Android) it is possible to disable Private MAC Address functionality for a given SSID, for example by using an existing MDM solution. Also, in Android 10/11, any existing SSID or Network profile will keep using the “real” hardware MAC address as before. Only new Network profiles will have randomized MAC turned on by default. In iOS 14, randomization is turned on for existing SSIDs upon upgrade.
Ok, now it sounds like it will not really have any dramatic effect, so why the blog post?
The fact that this time we got away with randomized MACs on a per-SSID basis, without daily or even per-session randomization, does not mean that it will not happen in the future. As our prior testing showed, earlier beta versions of both Android 11 and iOS 14 randomized the MAC address in a much more aggressive manner (up to the point of randomizing it on a per-session basis). These early betas showed a potential glimpse into the future, which is to randomize the MAC as often as currently possible. Most likely we are not too far from the point where device manufacturers choose to randomize MAC addresses on a daily basis by default, which would mean that all the items outlined above will matter even more.
Is there anything good out of this change?
Finding your current MAC address has never been easier. Both iOS and Android now provide information on the current random MAC used for a given SSID:
What can vendors do about it?
In general, vendors should provide better correlation techniques between usernames, client hostnames (for example supplied in DHCP option 12) and actual client MAC addresses. User-based identification will provide better network visibility. It is in a sense ironic that, by seemingly improving privacy through randomized MAC addresses, this change will slowly force everyone to move to user-based identification, which may have the opposite effect on privacy, especially with Guest networks.
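A sketch of that correlation, as an added example that is not from the original post or any vendor's product: it groups association records by username and DHCP option 12 hostname so several random MACs collapse into one device history, then lists the MACs a MAC-keyed ban no longer covers. The record layout, field names and all sample values are constructed assumptions.

```python
from collections import defaultdict

# Constructed association records (not real data). "user" is the 802.1X or
# portal identity; "hostname" is what the client sent in DHCP option 12.
RECORDS = [
    {"day": "2020-09-01", "mac": "92:b1:b8:42:d1:85", "user": "alice", "hostname": "Alice-Phone"},
    {"day": "2020-09-02", "mac": "a6:3c:10:9e:77:01", "user": "alice", "hostname": "alice-phone"},
    {"day": "2020-09-02", "mac": "00:1a:2b:3c:4d:5e", "user": "bob", "hostname": "bob-laptop"},
    {"day": "2020-09-03", "mac": "6e:04:d2:51:0c:9a", "user": "alice", "hostname": "alice-phone"},
]

def correlate(records):
    """Map each (user, hostname) identity to its MACs, in first-seen order."""
    devices = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["day"]):
        key = (rec["user"], rec["hostname"].lower())
        mac = rec["mac"].lower()
        if mac not in devices[key]:
            devices[key].append(mac)
    return dict(devices)

def rotating_devices(records):
    """Identities seen with more than one MAC: one history, several addresses."""
    return {k: v for k, v in correlate(records).items() if len(v) > 1}

def ban_gaps(records, banned_macs):
    """For each identity that owns a banned MAC, list its MACs the ban misses."""
    banned = {m.lower() for m in banned_macs}
    gaps = {}
    for key, macs in correlate(records).items():
        if any(m in banned for m in macs):
            missed = [m for m in macs if m not in banned]
            if missed:
                gaps[key] = missed
    return gaps

if __name__ == "__main__":
    print(rotating_devices(RECORDS))
    print(ban_gaps(RECORDS, {"92:B1:B8:42:D1:85"}))
```

Hostnames are client-supplied and may be missing or generic, so an authenticated username is the stronger half of the key.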
My iMac was rock stable, right up until I installed Mountain Lion on it. Then, at random times, it would suddenly reboot. Fortunately, most of it seemed to happen at night – I’d get up in the morning and find my Mac had rebooted.
Weird.
So, I finally got around to investigating the problem – I hadn’t seen any good blog posts on it (most of them were things like take it to a Mac Genius). Finally, I found a hint buried in an Apple forum: the problem stems from Spotlight. The indexes for Spotlight get corrupted, and that causes the reboot. Ah-ha! So the solution is pretty simple – have Spotlight dump all its current stuff, and build up again from new. Of course, there’s not an obviously marked way to do this 🙂
Go into System Preferences, and select Spotlight. Click on the Privacy tab. There probably isn’t anything listed under “Prevent Spotlight from searching these locations:” We’re going to add one. Hit the “+” at the bottom, and select your Mac’s hard drive, and click Choose. It’s now in the list.
Close System Preferences, and reboot your Mac once. Then, go back into System Preferences -> Spotlight -> Privacy, and remove the drive you added. Just click on the drive in the list, then click “-” at the bottom of the list.
After that, everything had been going great! 🙂 No more random reboots for me 🙂
One additional bit: Having Mountain Lion randomly reboot is a lot less painful than when versions older than Lion would reboot. Most of the apps I use are state aware, so for the most part when the iMac comes back up it restores all my workspaces to what they were before 🙂