Open minanagehsalalma opened 2 years ago
Hi @minanagehsalalma,
Sorry for the late answer, I had so little time to work on ProbeQuest during the last few months.
Thanks for the links. I will have a look as soon as I get a chance. Note that defeating MAC address randomisation was already part of ProbeQuest's roadmap as you can see in #6.
@SkypLabs
> Note that defeating MAC address randomisation was already part of ProbeQuest's roadmap as you can see in #6.
I see.
Keep me updated :)
Since MAC address randomization is on by default on most devices,
this makes the probe sniffing a bit useless.
So I think it can maybe be fixed a bit,
like for example if we catch a MAC probing for the skyplabs network, then we use that MAC address to link the rest of the other probes together to know which device they are coming from.
When deauthing a network for a couple of seconds and monitoring it with airodump-ng,
you can actually see all the probes linked together for each device on that network, even though they are using MAC randomization, but it still works somehow.
You can try that by trying to capture a 4-way handshake manually.
There are also these two attacks that use some form of advanced methods to break the randomization, but I wasn't able to fully understand them:
Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds PDF
Defeating MAC Address Randomization Through Timing Attacks PDF
RESEARCHERS BREAK MAC ADDRESS RANDOMIZATION AND TRACK 100% OF TEST DEVICES
Thanks