The device that you’re looking at right now has a network interface controller (NIC), the thing that’s responsible for allowing you to connect to a network, like the internet. All devices capable of networking (smartphones, laptops, routers) have one of these. Each NIC is assigned a unique, hard-coded MAC address that cannot be changed.
What is MAC Address Spoofing?
However, almost all popular platforms such as Windows, OS X or Linux (and hence
Android) support changing MAC addresses, and pretty easily too. Just because we
cannot change the MAC address built into our NIC doesn’t mean we can’t make
other devices think that our MAC address is something different. Whatever
information leaves our device is in our control. And in the header of the
packets that make up our data is the address of our device, the MAC address
(along with IP and a bunch of other information).
So, our operating systems allow us to instruct the NIC to ignore the built-in MAC
address and instead use our own custom MAC address which could be anything we
want it to be. This is called MAC spoofing.
What is MAC Spoofing Used for?
MAC spoofing is awesome. We’re interested in MAC spoofing because it allows us to
make other devices think that we are someone else. For a hacker, this opens up
a variety of attack vectors:
- It allows us to perform man-in-the-middle attacks
- It can help us hack Wi-Fi networks
- It lets us directly target devices connected to our Local Area Network (LAN)
- If you’ve been banned from using a public Wi-Fi hotspot, MAC spoofing allows you
  to trick the router into thinking that you are some other device.
There are a couple of completely legitimate (read: white hat) reasons for MAC
spoofing as well:
- Setting up numerous virtual machines in a corporate environment, each with a
  randomly assigned MAC address.
- It can be used for improving anonymity (An unsafe local network can track you
  using your MAC address. If your MAC address keeps changing, they can’t do that
  anymore).
Consider an example. Say you’re using Wi-Fi and your friend is also connected to the
same network. Now, when you first connect to a Wi-Fi access point (the router),
you exchange some information with the router. You request a connection from
the router, enter the password and if successful, the router responds by
opening a connection for you. Now the router knows who you are (your MAC
address) and you know who the router is (its MAC address).
Now, if you spoof your MAC address to look like the router’s MAC address you could
make the friend think that he’s talking with the router when instead all his
network traffic is going through your device. This is an example of a
man-in-the-middle attack and this technique can allow you to snoop on
unencrypted traffic (HTTP), redirect the user to some other websites or replace
all the images they see with photos of cats if you want to.
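A defender's view of the router-impersonation scenario above, as an added example that is not part of the original article: on a wired switched LAN, a cloned router MAC shows up as the same source address learned on two switch ports, and OS-randomized addresses set the locally administered bit (a hint only, since a spoofed address can be any value). The observation tuples, port names and MAC addresses are constructed sample data, and the log shape is an assumption.

```python
from collections import defaultdict

# Constructed sample: (seconds, switch_port, source_mac), the kind of record a
# switch could emit when it learns an address. Not real data.
OBSERVATIONS = [
    (0, "Gi0/1", "3c:52:82:aa:10:01"),   # router's port
    (5, "Gi0/7", "a4:5e:60:bb:20:02"),
    (9, "Gi0/9", "02:1a:4b:cc:30:03"),   # locally administered address
    (12, "Gi0/7", "3C-52-82-AA-10-01"),  # router's MAC now seen on another port
    (13, "Gi0/1", "3c:52:82:aa:10:01"),
]

def normalize(mac):
    """Return the lowercase colon-separated form, or raise ValueError."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set, i.e. the address
    was assigned in software rather than burned in by the manufacturer."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def find_flapping(observations):
    """Map each MAC seen on more than one port to its sorted list of ports."""
    ports = defaultdict(set)
    for _ts, port, mac in observations:
        ports[normalize(mac)].add(port)
    return {mac: sorted(p) for mac, p in ports.items() if len(p) > 1}

def report(observations):
    """Combine both checks into one result a monitoring job could alert on."""
    local = sorted({normalize(m) for _, _, m in observations
                    if is_locally_administered(m)})
    return {"flapping": find_flapping(observations),
            "locally_administered": local}

if __name__ == "__main__":
    print(report(OBSERVATIONS))
```

A MAC that moves between ports can also be a device that was legitimately re-plugged, so the flapping result is a lead to investigate, not proof of spoofing.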
Can a Website Detect Your Real MAC Address?
No. MAC addresses are restricted to the local network segment. For example, they
are only used by a router to distinguish different devices connected to it, but
the MAC address is never sent from the router to the internet.