Project

General

Profile

Feature #12590

Check if WPS' UUID-E allows passive attackers to recover the "real" MAC address despite MAC spoofing

Added by intrigeri about 2 years ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Spoof MAC
Target version:
-
Start date:
05/24/2017
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Security Audit
Blueprint:
Starter:
Affected tool:

Description

The A Study of MAC Address Randomization in Mobile Devices and When it Fails paper reads: "Universally Unique IDentifier-Enrollee (UUID-E) which is used to establish WPS connections. The flaw that Vanhoef et al. [22] discovered is that the UUID-E is derived from a device’s global MAC address, and by using pre-computed hash tables an attacker can simply lookup the UUID-E from the table and retrieve the global MAC address [22, 16]".

Anyone interested in checking if Tails is affected? (adding as watchers a few friendly security people who might get excited, feel free to tell me to drop you from the list of watchers if you're not interested and don't want to do it yourself :)

Also available in: Atom PDF