A way to suppress repeated device detection for MAC randomization

Charles_L
Charles_L Member Posts: 4
edited December 11, 2020 in Fingbox feature requests #1
Hi
Early Kickstarter supporter of the Fingbox here. Great product ;). I like to know when the family joins new devices to the home Wi-Fi network and can check that it is legit and not an intruder.

Challenge:
It had been working great until MAC randomization became mainstream. I feel that volatile MAC addresses will be increasingly implemented in the future and that functionality will suffer over time. I have been turning off MAC randomization in iPhone and Android for some time now, to avoid the annoying issue of a device being repeatedly detected as a new device. I recently got more than one Lenovo Smart Clock, which does not allow MAC randomization to be disabled. Now I am stuck with new devices being detected and generating alerts on a daily basis. I also had to disable auto-blocking of new devices as I cannot control when this happens and don't want these devices stranded. (Note that I like alerts of devices joining for the first time and don't want to lose those notifications.)

Possible solution:
May I humbly suggest a simple new feature to work around this? Please add the option to whitelist (suppress notification and auto-accept) new devices using a list of MAC prefixes that the user specifies. The Lenovo device MAC addresses are all within a distinct range. Apple seems to use a few ranges. If this creates a security gap, I can accept that I opted for it. The alternative is that my Fingbox will become just too annoying, and that will be sad.

A Premium Feature suggestion:
Logically remember each of these devices and use ML/AI to confirm that they look and behave like the older ones that they are assumed to replace in the authorized device list. This can be used to detect a truly new device. It is clearly more sophisticated to implement and will tighten up security again.

Many thanks
Charles      

Comments

  • Marc
    Marc Moderator, Beta Tester Posts: 2,675
    Hi @Charles_L... Great suggestions. I turned this into an idea for Fing to consider and moved it to the idea section. As with any idea on the site, it's vote-able, so feel free to upvote it. Fing has taken selected ideas and incorporated them, so you never know.
  • BK303
    BK303 Member Posts: 23
    I am experiencing the same issue with my new Lenovo Smart Clock on my Fingbox-monitored network. I am aware that Lenovo stupidly neglected to provide a mechanism to turn off MAC randomization for this home-centric device, and they are hoping to provide a fix "someday" (but it's been like 9 months since this was first reported to them). I have submitted Fing/Fingbox feedback about automatically consolidating these devices into a single device based on matching the rest of the device-reported information, like the Bonjour Name or UPnP Name. I have observed that Fing/Fingbox is already doing something similar for Apple phones and watches that have MAC randomization turned on for my home network, although iOS and Apple Watch devices do allow turning off this privacy feature per WiFi network.

    I agree with Charles_L that unfortunately, accidental or poorly implemented MAC randomization is likely to become more common as this gets tagged as a "feature", even though such behavior is counter-productive and completely inappropriate on a private home Wifi network. In my opinion, in many cases, the rollout of this new "privacy feature" has been poorly thought out, because it breaks decades of time-proven network management strategies based on globally unique MAC addresses, such as Wake-On-LAN, DHCP fixed IP reservations, MAC registration/whitelisting, etc. IMHO, MAC randomization only seems helpful for privacy when a device is polling/responding to unconnected networks while roaming and when joining an open (public) network or a protected but widespread public Wifi network; it never seems appropriate when connecting to a previously known private WPA-protected network.
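An added sketch, not part of either post and not Fing's code, combining the prefix allowlist from the original request with the name-based consolidation described in the comment above; function names, policy labels and sample addresses are assumptions. Because both a MAC prefix and an advertised name can be copied by another device, a name match here only merges when the previously approved address is offline, and it still produces a notification.

```python
# Added example with constructed data; names and policy labels are hypothetical.
MIN_PREFIX_HEX = 6  # require at least a 24-bit prefix so "" cannot match everything

def hexdigits(text):
    """Strip separators and case: 'AA-BB:cc' -> 'aabbcc'."""
    return "".join(c for c in text.lower() if c in "0123456789abcdef")

def normalize(mac):
    digits = hexdigits(mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return digits

def is_locally_administered(mac):
    """U/L bit (0x02 in the first octet) set: address was not vendor-assigned.
    Assumption: randomized addresses set this bit, as private Wi-Fi addresses
    conventionally do."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def triage(mac, name, known, online, allowed_prefixes):
    """Decide what to do with a device that just joined.

    known:  {normalized MAC: advertised name} of approved devices
    online: set of normalized MACs currently seen on the network
    """
    m = normalize(mac)
    if m in known:
        return "known"
    prefixes = [hexdigits(p) for p in allowed_prefixes]
    if any(len(p) >= MIN_PREFIX_HEX and m.startswith(p) for p in prefixes):
        return "accept-quiet"          # user opted in to this range
    if name and is_locally_administered(m):
        previous = [k for k, n in known.items() if n == name]
        if previous and not any(k in online for k in previous):
            return "merge-notify"      # likely the same device with a new MAC
        if previous:
            return "alert-duplicate"   # name already in use by a live device
    return "alert"                     # first-time device: keep the notification

# Constructed sample state
KNOWN = {normalize("da:a1:19:00:00:01"): "Bedroom-Clock",
         normalize("00:11:22:10:20:30"): "Office-Laptop"}
```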
  • flootie
    flootie Member Posts: 1
    Having to turn off properly implemented MAC randomization on my Android P5 so that Fing can function as it should is simply not acceptable. I should be able to set up my device as I wish using Android stock settings, nothing exotic, without breaking Fing (or any other app). This annoying bug has plagued this app for much too long. Each time an update is released, I hope this issue has been resolved. It never is. Surely there's a fix that's not a workaround or a kludge and doesn't require a user to sacrifice security or anything else – and does not use a phone's MEID as a unique identifier. Is this a priority for the dev team? Serious question.
  • Robin_from_Fing
    Robin_from_Fing Administrator, Fing Team Posts: 4,766
    @flootie
    Our developers are looking for a workaround for the same so users don't have to disable MAC randomization, but currently there is no timeframe for this.
    Robin (Admin at Fing)