Hacker News
by gipsies 4531 days ago
When you turn your WiFi on, you can be tracked and attacked very easily. This has been known for a while, though not widely enough.

If at one time you connected to an open network, your device continues to scan for that network. I can spoof that network, you connect to it, and then I intercept all traffic. A full framework has been created for this, complete with the ability to fingerprint your browser/OS and send exploits to your device [1]. Even if you only connect to password-protected networks, it's possible (without access to the real AP) to let your clients send parts of the EAPOL handshake, and then perform a brute-force attack. Weak passwords are cracked, meaning I can again intercept all traffic and possibly exploit your device.

So you only connect to one single network, strong password. Good. I can still track your MAC address. Even with one single device I can estimate the distance and the angle of your signal [2]. Hence I know your location, at all times. So you prevent MAC address tracking by using an identifier-free link layer protocol [3] (this doesn't exist in practice, only researchers made a demo showing it's possible). Though a lot better, even with such a system it's possible to track the movement of devices purely based on the fingerprint of the physical WiFi signal [4]. Given sufficient location data it's likely to again (automatically) de-anonymize the dataset and track your movements (it's more complicated, yes, but still possible).

[1] http://www.sensepost.com/blog/7557.html

[2] Avoiding Multipath to Revive Inbuilding WiFi Localization

[3] Improving Wireless Privacy with an Identifier-Free Link Layer Protocol Ben

[4] SecureArray: improving wifi security with fine-grained physical-layer information

1 comment

So you prevent MAC address tracking by using an identifier-free link layer protocol [3] (this doesn't exist in practice, only researchers made a demo showing it's possible).

Or you could just randomize your MAC occasionally. If you're not even connected to a network (which is the situation we're discussing), just scanning, there's no reason for keeping a static MAC.
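The tracking the original post describes and the randomized-MAC mitigation proposed in the comment, as an added example that is not part of either post. It takes a passive observer's view: a constructed log of probe-request bursts seen by sensors at three locations, first linked by source MAC (the static-MAC case), then after the device switches to a fresh locally-administered MAC per scan burst. The sensor names, MACs, SSIDs and timestamps are made up for the example. It also shows the caveat a practitioner would want: if the device keeps probing for its remembered SSIDs, the probed-SSID set links the random MACs right back together, so randomization only helps if directed probes for remembered networks stop too.

```python
import random
from collections import defaultdict

# Constructed observer log: one entry per probe-request burst, as
# (time, sensor location, source MAC, SSIDs the device probed for).
BURSTS = [
    (0,   "lobby",  "a4:5e:60:11:22:33", ("HomeNet", "CoffeeShop_Free")),
    (60,  "cafe",   "d8:3a:dd:44:55:66", ("Guest",)),
    (100, "cafe",   "a4:5e:60:11:22:33", ("HomeNet", "CoffeeShop_Free")),
    (105, "cafe",   "a4:5e:60:11:22:33", ("HomeNet", "CoffeeShop_Free")),
    (200, "office", "a4:5e:60:11:22:33", ("HomeNet", "CoffeeShop_Free")),
]

def random_laa_mac(rng=random) -> str:
    """Fresh locally-administered unicast MAC: set the U/L bit, clear the I/G (multicast) bit."""
    octets = bytearray(rng.getrandbits(8) for _ in range(6))
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{o:02x}" for o in octets)

def is_laa_unicast(mac: str) -> bool:
    first = int(mac.split(":")[0], 16)
    return bool(first & 0x02) and not (first & 0x01)

def randomize_macs(bursts, rng):
    """The same log if the device had used a new random MAC for every scan burst."""
    return [(t, sensor, random_laa_mac(rng), ssids) for t, sensor, _, ssids in bursts]

def randomized_example(seed=7):
    return randomize_macs(BURSTS, random.Random(seed))

# Two ways the observer can decide "same device": by MAC, or by the set of SSIDs probed.
def by_mac(mac, ssids):
    return mac

def by_ssid_set(mac, ssids):
    return frozenset(ssids)

def trails(bursts, key=by_mac):
    """Sequence of distinct locations per identity, under the chosen linking key."""
    out = defaultdict(list)
    for t, sensor, mac, ssids in sorted(bursts):
        k = key(mac, ssids)
        if not out[k] or out[k][-1] != sensor:
            out[k].append(sensor)
    return dict(out)

if __name__ == "__main__":
    print("static MAC:      ", trails(BURSTS))
    rnd = randomized_example()
    print("random MAC:      ", trails(rnd))
    print("linked by SSIDs: ", trails(rnd, by_ssid_set))
```

With a static MAC the observer gets the full lobby -> cafe -> office trail for one address. With per-burst randomization every burst looks like a different device, so linking by MAC yields trails of length one. Linking by the probed-SSID set recovers the whole trail anyway, which is the reason the device should also stop sending directed probes for remembered networks while it is merely scanning; the physical-layer fingerprinting the original post cites [4] is the next layer down and is not addressed by either change.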