Will Digital Fence be killed by randomised MACs?

JWJ
JWJ Member Posts: 14
edited August 9, 2019 in Fingbox #1

More and more phones have a randomised MAC address. Therefore digital fence can only detect it is new, but returning devices cannot be identified.

Is this a problem? What do you think?


Comments

  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    I believe this is a concern. Let's see what others' thoughts are.

    Community Manager at Fing

  • Pooh
    Pooh Member, Beta Tester Posts: 674
    I was under the impression that MAC randomization didn't apply to devices that were connected to an Access Point. My belief (and remember, I'm a bear of little brain and often led astray by red balloons and random pots of honey) is that MAC randomization was meant to deter snooping on devices as they are visible on random networks they have no other direct association with.
    People say nothing is impossible, but I do nothing every day.
  • Keekeh
    Keekeh Member Posts: 8
    Hi,
    Would be a good test to overflow Fing's MAC table to check the device behaviour.
  • JWJ
    JWJ Member Posts: 14

    I have two Lenovo Motorolas bought in January. When they are in standby, they are often not connected to the Wi-Fi. As a consequence I have 25-50 new devices in my list. All Motorolas, but with different MACs.

  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    Only those with the masking would be impacted, I believe. For example, iPhones in the digital fence.

  • JWJ
    JWJ Member Posts: 14
    edited August 24, 2019 #7

    "only" is becoming bigger and bigger. Lenovo, Motorola and Apple. When Samsung does the same it is 90% of the market. :(

    Isn't there any other identifier shared with Fingbox that can be used?

  • JWJ
    JWJ Member Posts: 14

    Agree, the thread was initiated under the assumption that digital fence is meant mainly for unknown devices or outside the network.

  • Mirekmal
    Mirekmal Member, Beta Tester Posts: 68
    I heavily use virtualization in my network (home lab) and it seems that every time virtual machines are restarted they generate randomized MACs that flood Fing reports. For instance, on my VMware ESXi host I now have 6 permanently running VMs, most of them with multiple network interfaces. If I just restart the whole host I get ~30 false alarms about devices entering and then leaving the network... not to mention the need to clean up network data in Fing later on from these false MACs. Similarly, though obviously not on this scale, if I start Windows in Boot Camp on my Mac it causes new MACs to be reported.... To be honest, it is quite annoying.
    Could we have some sort of timeout setup to disregard MACs that appear on the network for less than ~a minute or so? Only after this time, if still present, would they trigger the alarm? It is fine to block them by default in the meantime silently - just to be sure that the real attacker is blocked... if that is the case.
    VioletChepil
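
Added example, not part of the post above and not Fing's code: the dwell-time filter requested in that post, where an unknown MAC counts as blocked as soon as it is seen but raises an alert only if it is still present after the threshold. The class and function names, the 60-second threshold and the scan data are assumptions; the `randomized` flag is read from the locally administered bit of the first octet.

```python
from dataclasses import dataclass, field

DWELL_SECONDS = 60  # assumed threshold, taken from "~a minute or so"


def is_locally_administered(mac: str) -> bool:
    """True when bit 0x02 of the first octet is set, as in randomized MACs."""
    return bool(int(mac.replace("-", ":").split(":")[0], 16) & 0x02)


@dataclass
class NewDeviceDebouncer:  # hypothetical helper, not a Fing API
    known: set = field(default_factory=set)
    dwell: float = DWELL_SECONDS
    pending: dict = field(default_factory=dict)  # mac -> first-seen time
    alerted: set = field(default_factory=set)

    def observe(self, now, present):
        """Feed one scan (MACs seen at time `now`); return alerts it raises."""
        present = {m.lower() for m in present}
        # A MAC that left before the dwell time elapsed is dropped silently.
        for mac in list(self.pending):
            if mac not in present:
                del self.pending[mac]
        alerts = []
        for mac in sorted(present - self.known - self.alerted):
            first_seen = self.pending.setdefault(mac, now)
            if now - first_seen >= self.dwell:
                del self.pending[mac]
                self.alerted.add(mac)
                alerts.append({"mac": mac, "randomized": is_locally_administered(mac)})
        return alerts

    def blocked(self):
        """Unknown MACs inside the dwell window: blocked, not yet alerted."""
        return set(self.pending)


KNOWN = {"00:11:22:33:44:55"}
# Constructed scan data, not real captures: (timestamp in s, MACs present).
SCANS = [
    (0, {"00:11:22:33:44:55", "00:0c:29:11:22:33", "da:a1:19:5e:00:42"}),
    (30, {"00:11:22:33:44:55", "da:a1:19:5e:00:42"}),  # VM NIC already gone
    (60, {"00:11:22:33:44:55", "da:a1:19:5e:00:42"}),  # phone still present
]


def replay(scans, known):
    deb = NewDeviceDebouncer(known={m.lower() for m in known})
    return [alert for ts, macs in scans for alert in deb.observe(ts, macs)]
```

With the constructed scans, the short-lived VM interface never raises an alert, while the phone's MAC alerts once at the 60-second scan and is flagged as randomized.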
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    Even Windows 10 has an option to randomize the MAC address, but I am really not sure if it is just when you are NOT connected to a Wi-Fi network or if it randomizes your MAC on a "public" Wi-Fi connection (connected to).
    Keep looking up!
  • mannyfresh
    mannyfresh Member Posts: 3
    What would cause Digital Fence to make ALL devices show up as anonymous devices? Is that the same as randomized? I unfiltered and all devices show up in the anonymous devices. 632 of them! Thanks.
  • Pooh
    Pooh Member, Beta Tester Posts: 674
    Hello @mannyfresh, and welcome to the community.

    When you say all, are you also including devices you'd previously identified? It's not unusual to have your Digital Fence list littered with a myriad of passing devices. 632 sounds like a lot to me, but then again, I live in the suburbs, on a cul-de-sac, where houses are bigger and more apart, so I see less drive-through traffic. I could imagine in an inner-city location, for example, one might see copious more listed, given how much denser that is.
  • mannyfresh
    mannyfresh Member Posts: 3
    edited October 8, 2019 #14
    That's exactly right. In the Digital Fence screen I have 632 in All Devices, 0 in New Devices, and 0 in Known devices. On my own network I have 115 known devices (VMs, phones, tablets, streaming devices, etc). But Digital Fence doesn't seem very useful because everything shows as Anonymous Devices. I thought I'd be able to tag a device so that whenever it comes near Wifi range I can get an alert.

    I'm not surprised by the large number of devices it's picking up because people drive by here all the time but not all should be Anonymous. I expect at least some devices to show up under Known devices.
  • mannyfresh
    mannyfresh Member Posts: 3

    Ok so I changed the filter in that screen to NOT show Anonymous Devices and now all the other device categories are populated. Maybe that toggle is to anonymize the list of devices entering/leaving WiFi range in case I want to show someone while maintaining privacy.
