Feature #12590: Check if WPS' UUID-E allows passive attackers to recover the "real" MAC address despite MAC spoofing

Feature #12590

Check if WPS' UUID-E allows passive attackers to recover the "real" MAC address despite MAC spoofing

Added by intrigeri 2017-05-24 17:10:09 . Updated 2017-05-24 17:10:09 .

Status:

Confirmed

Priority:

Normal

Assignee:

anonym

Category:

Spoof MAC

Target version:

Start date:

2017-05-24

Due date:

% Done:

Feature Branch:

Type of work:

Security Audit

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

The A Study of MAC Address Randomization in Mobile Devices and When it Fails paper reads: “Universally Unique IDentifier-Enrollee (UUID-E) which is used to establish WPS connections. The flaw that Vanhoef et al. [22] discovered is that the UUID-E is derived from a device’s global MAC address, and by using pre-computed hash tables an attacker can simply lookup the UUID-E from the table and retrieve the global MAC address [22, 16]”.

Anyone interested in checking if Tails is affected? (adding as watchers a few friendly security people who might get excited, feel free to tell me to drop you from the list of watchers if you’re not interested and don’t want to do it yourself :)

Subtasks

Tails

Feature #12590

Check if WPS' UUID-E allows passive attackers to recover the "real" MAC address despite MAC spoofing

History