MAC address randomization in WiFi probe requests

To prevent third parties from using the MAC address to track devices, several vendors have implemented MAC address randomization. This follows the idea of using disposable interface identifiers to improve users’ privacy. In practice, this means that probe requests no longer use the real MAC address of the device. For example, a new MAC address can be used for each scan iteration, where one scan iteration consists of sending probe requests on all usable channels.

However, since a specification for MAC address randomization does not yet exist, iOS, Windows, and Linux have each implemented their own variant of MAC address randomization.

Linux

Linux added support for MAC address randomization during network scans. The address should be randomized for each scan iteration. The mvm module of the iwlwifi driver has supported randomization since kernel 3.18. The brcmfmac driver added support for this in kernel 4.5.

The privacy-oriented Linux distribution Tails does not support MAC address randomization during network scans. Instead, it generates a new random MAC address at boot. This random address keeps the first three bytes of the original address, the Organizationally Unique Identifier (OUI), and only randomizes the last three bytes. While not as effective as periodic address changes, it does prevent tracking over extended periods of time.

Windows

Microsoft has supported randomization since Windows 10. Enabling randomization is possible if the hardware and driver support it. Interestingly, not only does Windows use random addresses for probe requests, it also uses a random address when connected to the network.

To ensure the client always uses the same address when connecting to a particular network, a per-network address is calculated as follows: addr = SHA-256(SSID, macaddr, connId, secret)

Here SSID is the name of the network, macaddr the original MAC address, and connId a parameter that changes if the user removes (and re-adds) the network to their preferred network list. The secret parameter is a 256-bit cryptographic random number generated during system initialization, unique per interface, and kept the same across reboots. Bits in the most significant byte of addr are set so it becomes a locally administered, unicast address.

This hash construction is similar to the generation of IPv6 interface identifiers as proposed in RFC 7217. It ensures that systems relying on fixed MAC addresses continue to work as expected, e.g., when authentication is performed based on the MAC address. Users can also manually instruct the OS to randomly update the per-network address daily.
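
The per-network derivation described above, sketched as an added example (not code from Windows or from the cited publication). The page gives only the hash inputs, so the field encoding (length-prefixed concatenation, 32-bit connId), the truncation to the first 6 bytes of the digest, and all sample values are assumptions.

```python
import hashlib
import struct

# Constructed sample values, not taken from any real device.
REAL_MAC = bytes.fromhex("001122334455")
SECRET = bytes(range(32))  # stands in for the 256-bit per-interface secret


def _field(data: bytes) -> bytes:
    # Assumption: length-prefix each input so field boundaries are unambiguous.
    return struct.pack(">I", len(data)) + data


def per_network_mac(ssid: str, macaddr: bytes, conn_id: int, secret: bytes) -> str:
    """Stable per-network address: SHA-256(SSID, macaddr, connId, secret)."""
    if len(macaddr) != 6 or len(secret) != 32:
        raise ValueError("expected a 6-byte MAC and a 32-byte secret")
    digest = hashlib.sha256(
        _field(ssid.encode("utf-8"))
        + _field(macaddr)
        + _field(struct.pack(">I", conn_id))
        + _field(secret)
    ).digest()
    addr = bytearray(digest[:6])       # assumption: truncate to the first 6 bytes
    addr[0] = (addr[0] | 0x02) & 0xFE  # locally administered = 1, multicast = 0
    return ":".join(f"{b:02x}" for b in addr)


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02) of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


if __name__ == "__main__":
    home = per_network_mac("HomeNet", REAL_MAC, 1, SECRET)
    print("HomeNet         :", home)
    print("HomeNet again   :", per_network_mac("HomeNet", REAL_MAC, 1, SECRET))
    print("CoffeeShop      :", per_network_mac("CoffeeShop", REAL_MAC, 1, SECRET))
    print("HomeNet re-added:", per_network_mac("HomeNet", REAL_MAC, 2, SECRET))
    print("locally administered:", is_locally_administered(home))
```

The same network always yields the same address, so MAC-based authentication keeps working, while a different SSID or a changed connId yields an unrelated address.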

Android

Android, starting from 6.0, uses randomization for background scans if the driver and hardware support it. Android versions before 6.0 do not support randomization.

iOS

Apple added MAC address randomization to its devices starting from iOS 8. In iOS 8, randomized addresses are only used while unassociated and in sleep mode. iOS 9 extended this to also use randomization in what Apple calls location and auto-join scans. This means that randomization is now also used when the device is active, i.e., when the screen is turned on.

This FAQ article is based on the publication "Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms". Please refer to it for a more detailed analysis.
