It’s not just Bluetooth …

I have been reviewing Kim’s posts about the issues with Bluetooth and privacy/private identity. I have been meaning to comment about the fact “It’s not just Bluetooth!”

My deep networking experience from my time at Novell taught me a lot
about the inner workings of networking hardware and protocols.
Anyone familiar with how networks work knows that the first ‘key’ to
communications on Ethernet (actually any of the IEEE 802 standard
networks) is the MAC address. MAC addresses are assigned to every
networking adapter … and they are globally unique by default.
Each vendor who is manufacturing networking hardware is assigned a 3-octet, IEEE-assigned Organizationally Unique Identifier (OUI).
This OUI is then used by that vendor as the first 6 hex digits of the MAC address of every
networking adapter that they create. During manufacturing, most
vendors then simply tack on 3 more octets (6 more hex digits) and
increment the value for each board or device they manufacture.
What you end up with is a 12 hex digit number that is globally unique –
the first 6 identify the manufacturer, and the second 6 identify the
unique adapter.

You can actually go and search the OUI database here. A sample of this would be to search for ‘00022d’
– the first 6 digits from my Orinoco wireless card. The point is
… these MAC addresses are globally unique and can identify your
specific machine.

Now, one of my other occupations is being the founder of a wireless
Internet company. We operate a series of Internet Cafes, and also
offer some residential wireless. Using MAC addresses, we are able
to determine how many repeat customers we have. This MAC address
is what is used at the lowest levels of networking to obtain an IP
address. When you use DHCP, you are assigned an IP address that
is then associated with your MAC address. All DHCP servers
remember your MAC address to renew your DHCP lease.

Wireless is really where this becomes an issue with identity.
When you turn on your 802.11a/b/g wireless, you are now exposing
yourself to be tracked via the MAC address of your wireless card.
Now for those of you paying attention, you would realize that this goes
for wired Ethernet as well … when you plug into any Ethernet network,
you are leaving traces of your visit. In our wireless network, we
could easily have a script that would notify us of any particular MAC
address when it was detected at any of our Internet access
locations. In the case of 802.11 wireless, you don’t even have to
be assigned an IP address or use DHCP … if your card simply
‘associates’ to our access point we know you are there. This is
equivalent to the ‘Bluetooth bomb’ that was talked about.

Now there are some ways around this. With more modern Ethernet
and wireless adapters, you are able to ‘override’ the default MAC
address that is provided by the vendor, but I have found very few
software packages or operating systems that take advantage of
this. I saw a “security tool” for Windows a few weeks ago that
picks a random MAC address each time you boot, and assigns it to your
networking card … but this is not a standard feature.
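
The address layout and the override described above, as an added example that is not part of the original post: it splits a MAC address into its OUI and adapter-specific halves, reads the two flag bits in the first octet that mark an address as locally administered or multicast, and builds a random locally administered address of the kind a randomizing tool would assign. The function names are hypothetical, and the sample address is constructed from the ‘00022d’ OUI mentioned earlier plus a made-up adapter part.

```python
import re
import secrets


def parse_mac(text):
    """Split a 48-bit MAC address into its OUI and adapter-specific halves."""
    # Accept the common notations: 00:02:2d:.., 00-02-2D-.., 0002.2d12.3456
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    first_octet = int(digits[:2], 16)
    return {
        "oui": digits[:6],          # vendor prefix (first 3 octets)
        "adapter": digits[6:],      # per-device part (last 3 octets)
        "multicast": bool(first_octet & 0x01),             # group bit
        "locally_administered": bool(first_octet & 0x02),  # override bit
    }


def is_globally_unique(text):
    """True for a vendor-assigned unicast address, the kind that follows a device."""
    info = parse_mac(text)
    return not info["locally_administered"] and not info["multicast"]


def random_private_mac():
    """Build a random unicast address with the locally administered bit set."""
    octets = bytearray(secrets.token_bytes(6))
    octets[0] = (octets[0] | 0x02) & 0xFE  # set override bit, clear group bit
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    burned_in = "00:02:2D:12:34:56"  # constructed sample, not a real adapter
    print(parse_mac(burned_in), is_globally_unique(burned_in))
    fresh = random_private_mac()
    print(fresh, is_globally_unique(fresh))
```

A locally administered address only stops being a stable identifier if it actually changes between networks or sessions; a fixed override is just a different persistent ID.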

There are several identity issues that arise with wireless devices.
This first one is a big issue since it is a globally
unique ID that the average person is not aware of. There are
others that can also be trouble … I’ll write more in another post …
