A friend contacted me a few days ago and said, “Every few weeks, I’ll go to a site, and it will say that this appears to be a new device? For example, I’ve looked at my Twitter account this morning, and it put up my username and asked me for my password again. Is this anything to be concerned about?”
A little background information helps explain what is going on: Every device connected to a network has a serial number, called a MAC address. That address is how the network identifies the device and differentiates it from all the other devices on a network. As you can imagine, networks need to know what devices are connected. Think of what might happen if the network thought your computer was a printer. Printer paper might not come shooting out of your keyboard and knock over your coffee or smoothie, but you get the idea.
Because the MAC address uniquely identifies you for everyone else, think of the MAC address as a fingerprint for your device. Potentially, an advertiser, or someone in a public place, could use your fingerprint, in this case, your device’s MAC address, to track you, your activities, and what networks you use.
Apple, Google, and Microsoft want to help protect your privacy, so they might periodically change the MAC address on your computer to a different address. The new behavior strives to help keep you more anonymous on public networks at hotels and coffee shops. However, randomly changing MAC addresses can break essential security features, including:
1) As my friend did, you might start receiving alarming alerts that another person connected a new device to one of your websites or accounts. The warnings are concerning until you realize it is your computer reconnecting with a new unique index. After a time, you might ignore the alerts. But then you won’t know if a real attacker broke into your account with some other computer, tablet, or phone.
2) Parental controls at home fail if the safety restrictions are unique for each family device. When a youngster disconnects and reconnects to your network, sometimes they are no longer protected.
3) Your company keeps an inventory of your computers, tablets, and phones. It is challenging to keep the list current when your IT team must track three times as many devices as you have.
How do you solve this? It is possible to disable the randomization feature, but it takes time to reconfigure. Time is a precious commodity for you and your IT team too. For an example of how to disable the behavior on iPhones, iPads, and Apple Watches, see support.apple.com/en-us/HT211227
However, your employees or kids could change the feature back again to help them hide on your networks.
The answer to my friend’s question is that if the website tells you a date, time, and location of that person’s login, and you know you weren’t logging in from there at that time, yes, you need to be concerned. Otherwise, your experience may be because your device is disguising itself from the website. Disable the randomization feature, and the problem might go away.
Please forward this to your friends so that if they, or their IT team, cannot figure out why some of their security features are breaking, they will know to suspect their devices are rotating through MAC addresses.
If you want more technical details: when you connect, a network identifies your device with an index number called a MAC address. There are more than 280 trillion possibilities for a MAC address, so the odds are that nobody you know has the same number as your device. The first half of the number identifies the manufacturer; that makes it easier to find unidentified devices on a network.
Other problems you’ll notice because of rotating MAC addresses include:
4) Security tools at the office fail to work if the security tools rely on associating users with their computers, tablets, or phones. This problem affects both BYOD and company-issued devices.
5) IT professionals can configure necessary reservations for computers, tablets, and phones. Those reservations are based on index numbers. When the index changes, the reservation stops working, and systems can fail or lose security.
6) Your websites will forget you. Some sites have a feature to Remember This Computer, so you do not need to go through as many steps each time you log in. The sites identify your devices by their index numbers. Your device will need to be re-remembered when your index changes.
MAC addresses look like FF:FF:FF:FF:FF:FF, six pairs separated by colons, where each value I listed as F can be a hexadecimal digit: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, or F. If you know where to look, your phone, tablet, and computer can tell you the MAC addresses of each network interface.
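For an IT team checking whether rotating addresses are inflating an inventory, here is an added example (not from the original post or any vendor tool). It relies on the fact that randomized addresses set the "locally administered" bit in the first byte, so their first half is not a manufacturer ID. The hostnames and addresses are constructed sample data, and it assumes each device keeps the same hostname between connections.

```python
import re
from collections import defaultdict

# Six pairs of hex digits separated by ':' or '-'
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

def parse_mac(text):
    """Return the six bytes of a MAC address, or raise ValueError."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split(r"[:-]", text))

def normalize(text):
    """Upper-case, colon-separated form so the same address always compares equal."""
    return ":".join(f"{b:02X}" for b in parse_mac(text))

def is_locally_administered(mac):
    """True when bit 0x02 of the first byte is set on a unicast address.

    Randomized addresses set this bit; factory-assigned ones leave it clear."""
    first = parse_mac(mac)[0]
    return bool(first & 0x02) and not (first & 0x01)  # 0x01 marks multicast

def summarize(leases):
    """Group (hostname, mac) pairs; report how many addresses each host used."""
    seen = defaultdict(set)
    for hostname, mac in leases:
        seen[hostname].add(normalize(mac))
    return {
        host: {
            "addresses": len(macs),
            "randomized": sorted(m for m in macs if is_locally_administered(m)),
        }
        for host, macs in seen.items()
    }

# Constructed sample data: one tablet that reconnected three times, one printer
SAMPLE_LEASES = [
    ("kids-tablet", "3A:5F:9C:12:44:01"),
    ("kids-tablet", "D6:01:7B:AA:90:2E"),
    ("kids-tablet", "8e-44-10-6c-0b-f3"),
    ("office-printer", "00:11:22:33:44:55"),
]

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LEASES).items():
        print(host, info)
```

A host that shows several addresses, all flagged as randomized, is most likely one device rotating its MAC address rather than several new devices.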
The new behavior is causing lots of frustration in the cybersecurity world. This battle isn’t over yet.