Does the WiFi MAC address change? What are the Privacy concerns?

The MAC address of a WiFi device is hard-coded at the hardware level, so it can’t really be changed (imagine that it’s the serial number of your network adapter). But that doesn’t mean that it’s not possible to trick the OS into believing that the MAC address is different, hiding the true, hard-coded MAC address. This process is called MAC spoofing, and it is a fairly common technique that is easily available on mobile OSes (Android and iOS), although on Windows, macOS and Linux it does require a few more steps.

Creating a network.

At the same time, how easy is it actually to have your MAC address exposed, and is it truly a notable vulnerability point? If we were to talk about network vulnerability, WPS is still very much the weakest link to exploit, but if a malicious third party gets your MAC address, there are very limited applications where it’s possible to do any real harm.

What can happen when someone knows the MAC address of my devices?

The moment a device is connected to a WiFi network, the WiFi MAC address becomes known to the other devices within the local LAN, so, if you decide to connect your smartphone to an airport or hotel WiFi network, the admin can see the MAC address of your handset. But does it matter? Yes, but not really in the way you may think.

iPhone 12.

It’s more about knowing your location, identifying you and, possibly, choosing which ads to serve to you afterwards. It’s obviously still a major privacy concern, but not really in the sense that a hacker can use it to gain access to your data or anything of the sort. Still, I won’t deny that it is also possible to learn the MAC address of a device from an enterprise network, as well as the moment it gets disconnected from that network (when an employee goes home with their laptop and smartphone).

So, a third party that already has access to the network (which is already too late from a security point of view) could clone and use that MAC address to hide its tracks. It’s a long shot and clearly not a common occurrence especially with home networks, but I suppose it can happen. With that in mind, know that even if the MAC address is hard coded into the NIC of the device, it’s still possible to hide it from prying eyes.

Spoofing the MAC address

As I mentioned in the intro, the mobile Operating Systems do have a MAC address randomizer built-in, but it’s possible to use specific drivers and software to change the MAC address on the laptop/PC OSes as well.

iOS:

Change the MAC address on iOS.
  • Go to Settings and select WiFi, then tap the (i) next to the WiFi network that you’re currently connected to.
  • Scroll down until you identify the Private Wi-Fi Address, with the WiFi MAC address written underneath. This is a random MAC address that’s used to reduce the tracking of your iPhone over different WiFi networks.
  • If you turn it off, then the MAC Spoofing will be disabled, exposing the real, hard-coded MAC address.

Is it possible to choose a specific WiFi MAC address on iOS? Not without jailbreaking. Also, be aware that the MAC address remains persistent per WiFi network (SSID).

Android OS (12):

Change WiFi MAC address on Android 12.
  • Go to Settings and choose Network & internet, then click on WiFi.
  • Identify the SSID to which you’re connected and click on the cogwheel icon. This will open the Network details.
  • Scroll down to Privacy and, as you can see, it’s set to ‘Use randomized MAC’ by default, but you can choose to use the actual MAC address of the device.

Just like on iOS, the MAC address will remain persistent per SSID and there is no built-in way to choose a specific WiFi MAC address. But, since it’s Android we’re talking about, even though v12 has made choosing a custom MAC address a pain in the behind, you can use specific tools, such as MACsposed, to block the native function, so that it’s once again possible to use the ‘old’ tools for randomizing or customizing the MAC address (with root access).

Windows OS (10 & 11):

Change the WiFi MAC Address on Windows OS (10 and 11).
  • Search for the Settings using the search bar, then access the Network & Internet section.
  • From the menu on the left, click on Wi-Fi.
  • Identify the ‘Random hardware addresses’ section and turn it on (it’s off by default) if you want to enable the MAC address randomizer.
Windows OS – Spoof MAC address.

This option will apply to new connections, but it is possible to limit it to only a specific WiFi connection.

  • From the bottom right (in the taskbar), click on the WiFi icon to open up the available WiFi networks.
  • Identify the SSID to which you’re connected and click on Properties.
  • The first available option should be Random hardware addresses – you can choose to turn it on and for the MAC address to be persistent or to change every 24 hours (I don’t recommend it due to the risk of being blocked, as you’ll see in the Consequences section).

What if we want to choose a custom MAC address on Windows OS? It’s possible and not that difficult to accomplish.

  • Search for Device Manager using the search bar.
  • Identify the WiFi adapter and double click it (alternatively, right click and select Properties).
  • Choose Advanced and scroll down in the Property section until you reach the Locally Administered Address – this is where you can choose the MAC address that you want – and don’t forget to reboot afterwards. In case you don’t see this option, search for Network Address; also, be aware that some newer Intel adapters will not let you easily change the WiFi MAC address.

Does a VPN hide the WiFi MAC address?

No, a VPN does not hide the MAC address, but it doesn’t need to, since this info is not sent via the TCP/IP stack. If you do want and need to hide the real MAC address, then just spoof it using the methods above.

Setting up a VPN connection.

Consequences of spoofing the MAC address

The reason why people choose to spoof the MAC address of a device is to avoid (up to a certain degree) the tracking done by apps, ISPs and so on. This is one of the major positive consequences, but there is another reason: to get access to a network where your device got blacklisted. A properly maintained network can block the access of various devices for various reasons, so changing the WiFi MAC address could, technically, regain access to that network. But there are some potential negative consequences of spoofing the MAC address as well.

And the most important one is the possibility of experiencing a MAC address collision in the future without any warning. If the network has a specific access list for devices and the MAC address of your device has been changed, then you won’t be able to access that network anymore. Besides that, it’s also possible to mistakenly match a blacklisted MAC address on a new network – there’s a low chance for it to happen, but it’s not zero. Let’s also not forget the possibility of duplicate MAC addresses if you put custom MAC addresses on your device.
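The access-list and duplicate-address problems described above can be checked from the network side. The following is an added example, not part of the original article: it reads the "locally administered" bit that randomized and custom addresses carry, audits a client list against an allow list, and estimates the collision chance. All addresses and client names are constructed sample data, and the 46 random bits per randomized address is an assumption.

```python
import math
import re

_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

def parse_mac(text):
    """Return the 6 address bytes; raise ValueError on malformed input."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split(r"[:-]", text))

def classify(text):
    """Classify an address by the two flag bits in its first octet."""
    first = parse_mac(text)[0]
    if first & 0x01:
        return "multicast"             # group address, not a client address
    if first & 0x02:
        return "locally-administered"  # randomized or manually chosen
    return "universal"                 # vendor-assigned, burned-in style

def audit(allow_list, observed):
    """Report clients an allow list would reject, and duplicate addresses."""
    allowed = {parse_mac(m) for m in allow_list}
    seen = {}
    report = {"blocked_randomized": [], "blocked_other": [], "duplicates": []}
    for client, mac in observed:
        raw = parse_mac(mac)
        if raw in seen:
            report["duplicates"].append((seen[raw], client))
        else:
            seen[raw] = client
        if raw not in allowed:
            randomized = classify(mac) == "locally-administered"
            key = "blocked_randomized" if randomized else "blocked_other"
            report[key].append(client)
    return report

def collision_probability(n, random_bits=46):
    """Birthday-bound chance that n random addresses contain a duplicate."""
    return -math.expm1(-n * (n - 1) / (2 * 2 ** random_bits))

# Constructed sample data: an allow list and the clients seen on the network.
ALLOW_LIST = ["3C:22:FB:10:20:30", "00:1B:44:11:3A:B7"]
OBSERVED = [("laptop", "3c-22-fb-10-20-30"), ("phone", "DA:A1:19:00:11:22"),
            ("tablet", "00:1B:44:11:3A:B8"), ("clone", "3C:22:FB:10:20:30")]

if __name__ == "__main__":
    print(audit(ALLOW_LIST, OBSERVED))
    print(f"{collision_probability(1000):.2e}")
```

A client listed under `blocked_randomized` is most likely a known device with randomization switched on for that SSID, which is the access-list failure described above.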
