The “Media Access Control” (MAC) address is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications. MAC addresses are the main method of identification in most of the popular communications protocols including Ethernet, Bluetooth, and WiFi. The MAC address is “burned into” the radio chip embedded within a connected device that gives it its unique worldwide address. Since most devices host a sole radio chip for communications, the MAC address of the chip also identifies the device.
In the connected home where WiFi rules, a device’s MAC address is sent over the air during connection time, when the device “checks in” with the home router. It is then used throughout the session over the network.
Privacy Issues
In the good old days, MAC addresses were static. The first three octets described the device and manufacturer, and, along with the rest of the MAC address, served up easy-to-come-by information for fingerprinting and distinguishing each device every time it connected to the network. When a device inadvertently disconnected and reconnected, any product or solution watching MAC addresses would know that it was dealing with the same device, since the MAC never changed.
Unfortunately, the simple, static-MAC address scheme presents a privacy problem. Static MAC addresses make it easy to track devices, but they also enable simple tracking of device movements and collection of historic location data that can be used for marketing purposes or sold to third parties. Since most people don’t want to be tracked without their knowledge, device manufacturers have gone to work to solve the static-MAC privacy problem.
Have It Your Way
Currently, the MAC privacy story is evolving. Newer generations of connected devices, especially smartphones, are likely to employ a feature called MAC randomization where MAC addresses are applied locally and randomly at connection time – during the device’s discovery process when it scans the radio frequencies to learn about available nearby networks (Bluetooth, WiFi, etc.). Because the MAC address can differ from network to network, this feature thwarts many methods of unwanted device tracking. But since, after connection, the randomized MAC address becomes static on the network, it’s only a partial privacy solution. It is still quite trackable.
Coming versions of MAC randomization are more sophisticated when it comes to privacy. In these new schemes, MAC addresses may not be tied to specific networks and might change frequently, even when connected to the same network. In fact, when a home device disconnects from and reconnects to the same home router, it would likely gain a different MAC address.
This scheme will provide a solution to the privacy problem, but will create another conundrum for Communication Service Providers, Device and App Vendors, and Content Providers. Since disconnection and reconnection can occur frequently in a home network, especially with mobile devices that move in and out of WiFi range, those services that depend upon knowing about the device will have to re-think their method of device fingerprinting, i.e., identifying the device and its type.
MAC in Motion
So, how do you keep track of a moving MAC? Veego has already solved the problem.
The router-based Veego Agent is great at device fingerprinting – figuring out which device this is and even the type of device, e.g., gaming console, smart TV, or camera. Veego doesn’t rely on old-school static MAC addresses. From the outset, Veego designed a solution for its router-resident SW Agent that enables it to deal with the phenomenon of MAC randomization as it exists today and into the future as it evolves. The Veego Agent employs an approach that incorporates protocols, signatures, and other behavioral attributes, enabling it to maintain a very high level of device-fingerprinting accuracy even when MAC addresses are dynamic.
For the multitudes of devices that Veego Agents have already encountered, we have built, in the Veego Cloud, amazingly accurate device-fingerprinting ML models. But new connected devices are always coming onto the market. So, whenever a new device is encountered, the Veego Agent collects metadata about it and conveys it to the Veego Cloud where it is used to train ML models. These updated models are shipped back to Veego Agents for accurate fingerprinting of this device going forward.
The Value of Knowing
Why is it important to know if we’re dealing with the same device or a different one? This information is vital for many reasons, including session continuity and autonomous problem resolution. For example:
- Is a specific iPhone losing sync frequently? Should it be replaced? That’s crucial information for the Device Vendor (in this case, Apple).
- Are there various iPhones in this network and several of them are losing sync so the problem is probably in the router? This is crucial information for the Internet Service Provider or router manufacturer.
Veego Keeps Track of the MAC
Veego’s advanced capabilities deliver accurate device fingerprinting regardless of the level of technology of MAC assignment – from static to randomized.
