Among security professionals, it is well known that MAC address restriction on its own is useless as a protection mechanism for WiFi. But among the general public, it is still a popular method. This post aims to show how easy it is to hijack someone's MAC address and bypass this restriction.
Here is the process, as used on a Windows laptop:
- Obtain a valid MAC address that is allowed on the network
- Download macshift, created by one of the Internet's renaissance men, Nate True
- Copy macshift.exe to c:\Windows\System32\
- Find the Windows name of your wireless connection in Network Connections, for example "Wireless Network Connection"
- Open a Command Prompt (Start -> Run -> cmd.exe)
- Obtain your adapter's MAC address, by typing ipconfig /all on the command prompt. The result will include the MAC address of all interfaces.
- Type macshift VALID_MAC_ADDRESS -i "Wireless Network Connection". Here is an example screenshot.
- Happy surfing
The process without step 1 takes a total of 5 minutes. Now, it can be argued that it is not easy to obtain a valid MAC address. Here are two scenarios:
- If the WiFi network does not allow unlisted MAC addresses to associate, then you can:
  - Put your WiFi card in monitor mode and capture some traffic. From there it is easy to find the MAC addresses.
  - Write a brute force program that will cycle the MAC address of your adapter and try to associate with the LAN. You can optimize the brute force by finding a laptop that can connect to the network and recording the actual model. Then you can just cycle through half of the MAC address bytes.
- If the WiFi network allows for unlisted MAC addresses to associate and then uses some sort of egress filtering, on the router or service selection gateway, things are much easier - just run a sniffer for 5 minutes and collect all other MAC addresses on the network. Filter out the gateway MAC, and at a later time (usually in the dead of night) try them one by one.
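A defender's view of the second scenario, as an added example that is not part of the original post: a borrowed MAC address usually shows up with a different hostname and DHCP vendor class than its legitimate owner, so the DHCP log can reveal the reuse. The log format, field names and sample lines below are constructed assumptions, not output from any real product.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up DHCP log format (an assumption):
# <ISO timestamp> DHCPREQUEST mac=<mac> host=<hostname> vendor=<vendor class>
SAMPLE_LOG = """\
2024-03-04T09:12:01 DHCPREQUEST mac=00:11:22:AA:BB:01 host=alice-laptop vendor=winclient
2024-03-04T09:15:44 DHCPREQUEST mac=00-11-22-aa-bb-02 host=bob-phone vendor=androidclient
2024-03-04T18:02:10 DHCPREQUEST mac=00:11:22:aa:bb:01 host=alice-laptop vendor=winclient
2024-03-05T02:47:33 DHCPREQUEST mac=00:11:22:aa:bb:01 host=unknown-pc vendor=linuxclient
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPREQUEST mac=(?P<mac>[0-9A-Fa-f:-]{17}) "
    r"host=(?P<host>\S+) vendor=(?P<vendor>\S+)$"
)

def normalize_mac(mac):
    """Canonical form: lowercase hex pairs joined by colons."""
    return mac.lower().replace("-", ":")

def find_shared_macs(log_text):
    """Return {mac: [(first_seen, host, vendor), ...]} for every MAC that was
    presented by more than one distinct (hostname, vendor class) identity."""
    seen = defaultdict(dict)  # mac -> {(host, vendor): first_seen timestamp}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        mac = normalize_mac(m["mac"])
        identity = (m["host"].lower(), m["vendor"])
        seen[mac].setdefault(identity, m["ts"])  # keep the earliest sighting
    return {
        mac: sorted((ts, host, vendor) for (host, vendor), ts in ids.items())
        for mac, ids in seen.items()
        if len(ids) > 1
    }

if __name__ == "__main__":
    for mac, identities in find_shared_macs(SAMPLE_LOG).items():
        print(f"ALERT {mac} used by {len(identities)} different clients:")
        for ts, host, vendor in identities:
            print(f"  first seen {ts} as host={host} vendor={vendor}")
```

Hostname and vendor class are supplied by the client, so a hit is a strong signal of a shared MAC address, but a clean log does not prove the allow list held.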
Talkback and comments are most welcome