Randomized MAC Address Conflict Analysis and Implications
By: Baw Chng
Initially authored on 2021‑05‑23, revised 2021‑10‑18
Find this article online: https://bawman.com/BAWMAN/articles/RandomMAC/
Introduction for the Casual Readers
- [ Back to Executive Summary ]
- What are MAC addresses? MAC addresses are used by many popular digital communications technologies to identify parties in local communications networks. For example, Wi-Fi, Bluetooth, and Ethernet all use MAC addresses. A typical smartphone or tablet with Wi-Fi and Bluetooth capabilities would have at least two MAC addresses, one for Wi-Fi, one for Bluetooth. A typical laptop computer with Ethernet capabilities would also have a MAC address for Ethernet.
- What do MAC addresses look like? For most popular technologies like Wi-Fi, Bluetooth, and Ethernet, each of their MAC addresses is 48 bits long, typically written in the form of
xx-xx-xx-xx-xx-xx where each
x can be a digit ranged from
9 or a letter ranged from
- How are MAC addresses typically assigned? For most typical consumer products, manufacturers and component suppliers are assigned blocks of MAC addresses in a globally coordinated fashion. Then the manufacturers and component suppliers in turn assign MAC addresses from their respective assigned blocks to their products in a sequential fashion, thus virtually guaranteeing that no two pieces of equipment would use the same MAC address. Nonetheless, various technology standards that use MAC addresses also allow for MAC addresses to be locally administered or locally generated. Virtual machines, for example, use locally administered MAC addresses to let their virtual network interfaces communicate in local networks. Until recently, the use of locally administered MAC addresses has largely been hidden from the view of the casual consumers.
- Why randomize MAC addresses for consumer devices now? What changed? In a word: Privacy. As more consumers carry their mobile devices with them and use Wi-Fi and Bluetooth wherever they go, as technologies and systems become increasingly capable of correlating information across different networks, it becomes increasing feasible to “track” a consumer across time and space if the consumer always carries around a device that always reports the same MAC address. For example, if Joe Consumer carries his smartphone with him all the time, and Joe Consumer has a routine where he stops by a particular coffee shop every morning where he also enjoys the free Wi-Fi at the coffee shop, and he goes to a particular gym every Tuesdays and Thursdays and Saturdays where he also uses the free Wi-Fi at the gym, then it would be fairly easy to piece together Joe Consumer’s routine from the coffee shop and the gym’s Wi-Fi records if Joe Consumer’s smartphone always uses the same MAC address. To give consumers a way to avoid being “tracked” in this manner, in recent years popular mobile device platforms have introduced various ways to randomize the MAC addresses used by mobile devices. If Joe Consumer’s smartphone were to use different, randomized MAC addresses with different networks, the coffee shop’s Wi-Fi network and his gym’s Wi-Fi network would “see” different MAC addresses and it would be harder for third parties to deduce from Wi-Fi usage records that Joe Consumer goes to those two places. If Joe Consumer’s smartphone were to use a different randomized MAC addresses every day, then it would also be harder for third parties to deduce from Wi-Fi usage records that Joe Consumer goes to the same coffee shop every day or that Joe Consumer goes to the same gym on Tuesdays, Thursdays, and Saturdays.
- Is MAC address randomization going to be an issue? For the typical consumers, no. It is highly unlikely that randomizing MAC addresses will adversely impact individual consumers. In all likelihood, the typical consumers can continue to use Wi-Fi, Ethernet, and Bluetooth without worrying about MAC address randomization. Depending on the size of the system and what the system does with those MAC addresses (other than to facilitate basic communications for the end-users), randomized MAC addresses may introduce complications for the system operators. The matter discussed in the full article is tailored more towards these system operators and their technology suppliers.
- How to tell if a unicast MAC address is randomized or locally administered: Examine the second digit in the written MAC address
xX:xx:xx:xx:xx:xx. If that second digit is a
A, or an
E, then the MAC address is a locally administered MAC address. A locally administered MAC address may or may not have been randomized, but a randomized MAC address must be a locally administered MAC address to be standards compliant.
- [ Back to Executive Summary ]
Bawman LLC focuses on the creation and commercialization of innovative wireless broadband access technologies, mobile applications, and associated networking technologies. Bawman LLC also provides strategic, standards, and technology consulting services to develop and commercialize such technologies.
Founder and President Baw Ch'ng is a pioneer and specialist in Femtocell and Small Cell technologies, and an expert in mobile broadband technologies and standards. Mr. Ch'ng has extensive experience working with companies of all sizes (from early stage start-up to tier-1 operator), domestic and international alike, advising senior executive teams on matters concerning business strategy, technology standards, network architecture, system design, and technology research and development in the high-speed wireless networking industry.
For more information, contact: