Why Protecting Your MAC Address Is Just as Important as Protecting Your IP Address Using a VPN

When most people think about online security and privacy, they usually think about hiding only their IP address. That is, however, not enough. Your device has a far more deep-rooted label that can be used to identify it. It’s referred to as the MAC address.

What is a MAC address and how does it work?

To understand the MAC address, we need to begin with the Network Interface Card (NIC), the circuitry through which your device is able to make a connection to a network. As with most other products, manufacturers of NICs assign a unique MAC address to each piece they produce. It is for this reason that the MAC address is also referred to as the ‘hardware’ or ‘burned-in’ address.

The MAC address plays a big role in the interaction between network devices. Every time you make a connection to a building’s Ethernet or to a Wi-Fi router, the MAC address of the device you’re using is sent to the next device in the network chain in order to connect. Likewise, the device sends its MAC address forward to the next device. This is how the link-by-link connection of devices on the Internet comes about.

A MAC address doesn’t look similar to an IP address so you can easily differentiate the two.

  • IP address example:
  • MAC address example: 1A-2B-3C-4D-5E-6F

In general, MAC addresses are secure for the most part. But the addresses can be used by bad actors to determine your location, intercept your Internet traffic, and even facilitate a man-in-the-middle attack. However, not only are these approaches difficult, but there are also easy measures you can take to curb them.

Using MAC Address to Monitor People Online

Many organizations have managed to track devices by using their MAC addresses. Every time a device (rather, the person using it) shifts from one Wi-Fi network to another, the device continually transmits its MAC address in order for the connection to be made to the new network. In a city or a large facility (such as an airport), the locations of users can be tracked using a unified Wi-Fi system and information about their movement can be collected.

However, to achieve this, several Wi-Fi points are required, and large organizations are usually the only ones that have these resources. The tracking of devices through a MAC is usually not for sinister purposes. For example, in some parts of the world, this form of tracking is used to map traffic patterns.

But that is not to say that there haven’t been numerous cases of abuse of the technology.  In one 2013 instance, it was revealed that a London ad company was using Wi-Fi enabled trash cans to detect and track the movement of MAC addresses throughout the city in order to deliver targeted ads based in the devices’ movements and online habits.

Using MAC Addresses to Impersonate or Disrupt a User’s Connection

A hacker trying to jump aboard the same Wi-Fi you’re connected to can use special software to determine your MAC address. In case the router is poorly set up, the hacker can even hijack your credentials by impersonating you.

Some Wi-Fi routers filter user access using MAC address, and this can be a highly effective security strategy when used in conjunction with other security measures. However, when used in isolation, users on the network become easy targets for MAC spoofing. Your device regularly broadcasts its MAC address every time it tries to connect. Once a hacker gets it, that’s all they need to impersonate you.

Fortunately, this security threat can be easily resolved by using an encrypted and secure password-protected Wi-Fi router. This is because even if the hacker can still get your MAC address and use it, they won’t have access to the network anyway.

Securing Your MAC Address

As mentioned earlier, using your MAC address to launch an effective cyberattack on you is not easy. This is because it’s hard to link your MAC address to your identity. Moreover, MAC addresses are almost never shared beyond the first device they connect to on a network. As a result, finding yourself in a situation where a hacker can use it to attack you is rare.

Nonetheless, in certain scenarios, it can pose a security risk. Furthermore, some local networks, such as the one at your workplace or school, might be using MAC addresses to censor certain online content.

It is important to note that completely blocking your MAC address would be detrimental because it is required for a connection to be made to the Internet and other devices. However, there are three techniques you can use to make sure that your MAC address is private and secure.

  1. When on the Move, Turn Off Wi-Fi

As you have learned, your device’s MAC can potentially be broadcasted to possibly hundreds of devices as you move through the city. Even if your device doesn’t connect to these devices, the MAC address is still sent to facilitate the discovery of networks and list them.

If security is a priority for you, as it should be, you should only connect to Wi-Fi networks that you trust or you use a VPN to connect to unknown Wi-Fi connections. If you don’t have a VPN, it’s advisable to disconnect your Wi-Fi and turn it on only when connecting to a Wi-Fi you know is secure.

The added benefit of this strategy is that it saves battery life on some mobile device. Constantly scanning the surroundings for Wi-Fi networks and broadcasting your MAC address uses expends some power from your battery.

  1. MAC Spoofing

The specifics of this solution will vary from one device to another. It is, however, among the most effective ways of securing your devices. Spoofing your MAC address works in the same way as disguising your IP address: you use a fake MAC address. The procedure will depend on the device for which you want to spoof the MAC address. The basic steps are essentially the same, though.

  • Identify your current MAC address
  • Use a command prompt, an app or a built-in feature to alter your MAC address to a specific or random one depending on the format of your actual MAC address
  • Confirm that the MAC address has changed

Be wary that doing this might disable processes that need your device to have a defined MAC address. For instance, if you’re connected to a Wi-Fi router that has included your MAC address in the list of devices allowed to access the network, altering your MAC address may effectively lock you out of the network.

In addition to that, MAC spoofing might also be part of a hacker’s arsenal. Therefore, some network administrators might flag people using it as threats. Caution is thus advised when using this method.

  1. MAC Randomization

Rather than assigning your device one fake MAC address, this method allows you to cycle through several fake MAC addresses every time you want to connect to a Wi-Fi network. The moment a connection is made to the network, the randomization stops so that the connection can be maintained.

When it comes to MAC address security, this is probably the most balanced solution. In addition to preventing your actual MAC address from being broadcasted indiscriminately, it helps you to avoid making connections inadvertently. As with MAC spoofing, this procedure for MAC randomization varies from one device type to another.

Not every device has the capacity to employ MAC randomization. iOS 8 and newer versions support MAC randomization. The feature is built into Windows 10 but it is disabled by default, and it can actually remember several random MAC addresses used to connect to various Wi-Fi networks. To learn the procedure for your device, some Googling may be required.