Home > CAPEC List > CAPEC-612: WiFi MAC Address Tracking (Version 2.11)  

CAPEC-612: WiFi MAC Address Tracking

WiFi MAC Address Tracking
Definition in a New Window Definition in a New Window
Attack Pattern ID: 612
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

In this attack scenario, the attacker passively listens for WiFi messages and logs the associated Media Access Control (MAC) addresses. These addresses are intended to be unique to each wireless device (although they can be configured and changed by software). Once the attacker is able to associate a MAC address with a particular user or set of users (for example, when attending a public event), the attacker can then scan for that MAC address to track that user in the future.

+ Attack Prerequisites
  • None

+ Typical Severity


+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

Open source and commercial software tools are available and several commercial advertising companies routinely set up tools to collect and monitor MAC addresses.

+ Solutions and Mitigations

Automatic randomization of WiFi MAC addresses

Frequent changing of handset and retransmission device

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
+ Technical Context
Architectural Paradigms
+ Content History
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017