{"id":1118,"date":"2010-06-10T02:02:14","date_gmt":"2010-06-10T10:02:14","guid":{"rendered":"\/?p=1118"},"modified":"2010-06-10T02:05:23","modified_gmt":"2010-06-10T10:05:23","slug":"we-could-all-be-wrong-about-the-way-80211-works","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1118","title":{"rendered":"&#8220;We could all be wrong about the way 802.11 works&#8230;&#8221;"},"content":{"rendered":"<p>I received a comment from a\u00a0reader who plays an\u00a0important role in the network protection industry which reads:<\/p>\n<p style=\"padding-left: 30px;\">&#8220;I was a bit surprised by you going on about Google getting the MAC addresses of devices in people&#39;s homes. I asked a few other security folks, and none of us could figure out why you thought that Google had these addresses.<\/p>\n<p style=\"padding-left: 30px;\">&#8220;Of course, we could all be wrong about the way that 802.11 works, but I would have thought that the only way that the Google Car could see anything other than the MAC address of the WAP would be if both:<br \/>\n&#8211; the car quickly impersonated the WAP by forging its SSID<br \/>\n&#8211; the computers in the house tried to re-attach to the device forging the SSID<br \/>\nIs this the scenario you think happened? If so, where did you see this? 
If not, what am I misunderstanding about Wifi where just receiving signals without looking like a WAP allows me to see any MACs other than those of WAPs?<\/p>\n<p style=\"padding-left: 30px;\">&#8220;I look forward to hearing more on this, even if my understanding of WiFi (and that of the folks I asked) is wrong.&#8221;<\/p>\n<p>Unfortunately,\u00a0the\u00a0assumptions made by my reader,\u00a0even\u00a0though\u00a0supported\u00a0by other experts, are\u00a0wrong.\u00a0<\/p>\n<p>Few technologies are more ubiquitous or foundational than 802.11 wireless (WiFi).\u00a0\u00a0The security experts in this domain understand\u00a0perfectly\u00a0its security characteristics relative to protection of the data payload.\u00a0<em> But in the past the\u00a0device identity aspects of the system have not been on the front burner<\/em>.\u00a0 No\u00a0wonder.\u00a0\u00a0I imagine that anyone worried\u00a0about some\u00a0information agency\u00a0accumulating all the MAC addresses in the world and mapping them to the houses people live in would have been sent off to the looney bin a few years ago: &#8220;Sure, and pigs might fall from the sky and crush us too!\u00a0 Now let&#39;s get this thing deployed!&#8221;<\/p>\n<p>Of course\u00a0I come at this from a different direction since\u00a0I&#39;m an &#8220;identity guy&#8221; and the identity of the devices is something I have had to understand and deal with.\u00a0\u00a0But given the importance of the discussion I turned to two\u00a0colleagues in other disciplines to verify that my\u00a0own understanding\u00a0remains correct despite the evolution of the standards.\u00a0 One\u00a0is <a href=\"https:\/\/365.rsaconference.com\/people\/khajaahmed575;jsessionid=46B9AC0E6DFDD6CB234538D899A7836E.node0\" class=\"broken_link\">Khaja Ahmed<\/a>,\u00a0an expert in network security; the other is <a href=\"http:\/\/www.huitema.net\/bio.asp\" class=\"broken_link\">Christian Huitema<\/a>,\u00a0an expert in all aspects of networking.<\/p>\n<p>I&#39;ll 
share Christian&#39;s comments in a separate post.\u00a0 Khaja responded:\u00a0\u00a0\u00a0<\/p>\n<p style=\"padding-left: 30px;\">&#8220;Yes,\u00a0the sender\u2019s MAC address is in the clear. Of course the recipient\u2019s (WiFi access point) MAC address has to be in the clear so it knows that the packet is intended for it. The client\u2019s MAC address is needed so the WiFi access point knows which session key and state to use to process the frame. Just as the SA in IPsec cannot be identified without the IP address of the sender.<\/p>\n<p style=\"padding-left: 30px;\">&#8220;One more point re the four fields you are talking about\u2026 There are 3 or 4 MAC addresses in each 802.11 frame depending on who is sending the packet to who on whose behalf.<\/p>\n<p style=\"padding-left: 30px;\">&#8220;The sender and destination addresses are always there, so that\u2019s two. The third address is typically the Base Station Identifier. In cases where the packets are being relayed by some other part of the infrastructure there may be addresses of some intermediate transmitter and receiver. That gives you the 4 addresses. 
The MAC address of the original sender \/ client is just one field.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Even many experts don&#39;t understand that with network encryption enabled, the sender&#39;s and recipient&#39;s MAC addresses are in the clear.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[47,40,11,77],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1118"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1118"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1118\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}