[mschuster91]

This comment should be made the top comment. Thanks for the information.

I guess this implies not "only" passive eavesdropping but also network access in environments without a MAC address filter (not that these can't be spoofed regardless)?

[sengork]

Spoofed yes but they're hard to guess in advance without prior knowledge of the device's MAC address.

[djrogers]

MAC addresses are broadcast in the clear regularly, so any device doing that without some randomization is ripe for the picking.

[willstrafach]

Worth noting also: You vannot randomize it when connected to a Wi-Fi network.