5

Can downloaded executables get my MAC address and send it to somewhere else? Also, why is it a security risk to have someone else use my MAC address, considering that it can be spoofed?

Jerry Rockwell
  • 61
  • 1
  • 1
  • 3

2 Answers2

13

I think there's a massive misundestanding about what a MAC Address is.

Nobody should get worried about MAC address. Period. Unless the attacker is in the same physical network segment than you, a MAC is useless. MAC address never leave the local network, they are easily changed, faked or cloned, they are not unique even if they were meant to be (there are stories of people with duplicate MAC addresses on they networks), and if the government wants to identify you, your browser if orders of magnitude easier than the MAC. They can hack your computer outright, and get everything. MAC won't change a thing.

So don't bother thinking about the MAC.

Now, the questions:

Viruses getting my MAC:

Yes, it's possible. The getmac command on Windows or ifconfig on Linux can get it. Any program can execute the same and get your MAC. Any program can transmit it over the Internet.

It's a security risk?

No, it's not. A virus infecting your computer is a security problem. If some unknown program is reading your MAC, the program is the problem, not what the information it reads.

What if someone else uses it?

Unless they are on the same network segment than you, nothing happens. If your network card is a cheap Chinese board, at least one thousand computers are using the exact same MAC as you, right now.

I've seen reports of MAC reuse for years, and you can find much more.

ThoriumBR
  • 50,648
  • 13
  • 127
  • 142
  • 1
    While disclosure of a MAC address will not allow someone to compromise your computer, it can indeed be a privacy threat, used to track or identify you. If these are the sorts of threats you're worried about, then it is worth thinking about how MAC addresses can be obtained and used. – Xander Sep 16 '14 at 12:59
  • Even if the MAC is a privacy threat, it's very, very hard to get, and means very little. There are lots of easier ways to identify you. You browser version plus plugins is almost public, cookies can track you everywhere and are hard to remove. Tracking your MAC is as hard as tracking your underwear. – ThoriumBR Sep 16 '14 at 13:02
  • 1
    @ThoriumBR, recently, MAC addresses have to be used to track mobile devices running Android and iOS. This is because they transmit their MAC address while trying to connect to a wifi network. – Chris Murray Sep 16 '14 at 13:20
  • Yes, in this case a MAC can be used for tracking. Mobile devices scanning for wifi are _on same subnet_ as the one listening for MACs. But there's easier ways to track your phone. Your government can just ask your carrier to do so. If you connect to any wifi network, its owner will track you. – ThoriumBR Sep 16 '14 at 13:52
  • Which cheap Chinese boards use the same MAC address multiple times? That's just *awful*. – lzam Sep 16 '14 at 13:57
12

Yes, software running on your computer can find your MAC address. If you have a malware infection, your MAC address leaking is probably not greatest of your worries (keystroke loggers, and RAM scrapers, and backdoors are a lot bigger worries).

In general your MAC address isn't really secret (it is sent with every ethernet frame), but it could potentially be used for a couple of things:

  1. If your network relies on a MAC address whitelist (only allowing computers with MACs on the list to join) an attacker could use your MAC address to get onto your network. (An attacker who is specifically targeting your organization is your threat here)
  2. The MAC address of your Wireless networking card can be used to track you. If a malicious entity knew which MAC address belongs to you, they could potentially follow you around by your phones/laptops wifi signals. (Here the threat is a very creepy stalker)
  3. A MAC address identifies your network card. Potentially, an attacker with lots of resources may be able to track which computer your particular networking card was installed into, and then find out who bought that particular computer. (Something to worry about if the government is after you)
lzam
  • 872
  • 5
  • 16
  • There are usually much easier ways to accomplish #3 (government tracking), of course. – lzam Sep 16 '14 at 01:53
  • MAC addresses are rewritten in flight at every hop of the network. For number 2, the attacker would have to be on the same network as you, before the first hop (typically a router). Of course, if the attack owns the network(s) in question, like in the case of say, Starbucks, then he can of course track you across multiple sites. For number 3, it would take a seriously large amount of resources, including possibly owning/hacking each hop on the network path. Both of these are easily bypassed by simply changing your MAC address. – Chris Murray Sep 16 '14 at 08:04
  • 1
    @Izam There are in fact incidents of the government doing exactly this. See the [FBI Tor malware](http://ghowen.me/fbi-tor-malware-analysis/) for one example and their [tracking of LulzSec](http://www.hacker10.com/other-computing/how-the-fbi-used-computer-mac-addresses-against-lulzsec-hackers/) for another. – Xander Sep 16 '14 at 13:06
  • @ChrisMurray The threat for number 2 is primarily meta-data gathering leveraging operators of large wifi hotspot networks. If they can capture every time your MAC address interacts with one of their access points, someone with access to that data can track your movements. – Xander Sep 16 '14 at 13:08