MAC address spoofing

The device that you’re looking at right now has a network interface controller (NIC), the thing that’s responsible for allowing you to connect to a network, like an internet. All devices capable of networking (smartphones, laptops, routers) have one of these. Each NIC is assigned unique hard-coded MAC addresses that cannot be changed.

MAC Address

However, almost all popular platforms such as Windows or OS X or Linux (and hence Android) support changing MAC addresses pretty easily too. Just because we cannot change the MAC address built into our NIC doesn’t mean we can’t make other devices think that our MAC address is something different. Whatever information leaves our device is in our control. And in the header of the packets that make up our data is the address of our device, the MAC address (along with IP and a bunch of other information).

So, our operating systems allow us to instruct the NIC to ignore the built-in MAC address and instead use our own custom MAC address which could be anything we want it to be. This is called MAC spoofing.

MAC spoofing is awesome. We’re interested in MAC spoofing because it allows us to make other devices think that we are someone else. For a hacker, this opens up a variety of attack vectors.

 

What is MAC spoofing used for?

  • It allows us to perform man-in-the-middle attacks
  • It can help us hack Wi-Fi networks
  • It lets us directly target devices connected to our Local Area Network (LAN)
  • If you’ve been banned from using a public Wi-Fi hotspot, MAC spoofing allows you to trick the router into thinking that you are some other device.

 

There are a couple of completely legitimate (read: white hat) reasons for MAC spoofing as well:

  • Setting up numerous virtual machines in a corporate environment, each with a randomly assigned MAC address.
  • It can be used for improving anonymity (An unsafe local network can track you using your MAC address. If your MAC address keeps changing, they can’t do that anymore).

 

Consider an example. Say you’re using Wi-Fi and your friend is also connected to the same network. Now, when you first connect to a Wi-Fi access point (the router), you exchange some information with the router. You request a connection from the router, enter the password and if successful, the router responds by opening a connection for you. Now the router knows who you are (your MAC address) and you know who the router is (its MAC address).

Now, if you spoof your MAC address to look like the router’s MAC address you could make the friend think that he’s talking with the router when instead all his network traffic is going through your device. This is an example of a man-in-the-middle attack and this technique can allow you to snoop on unencrypted traffic (HTTP), redirect the user to some other websites or replace all the images they see with photos of cats if you want to.

 

Can a website detect your real MAC address? 

No. MAC addresses are restricted to the local network segment. For example, they are only used by a router to distinguish different devices connected to it, but the MAC address is never sent from the router to the internet.

Leave a Reply

Your email address will not be published. Required fields are marked *