Media Access Control (MAC) addresses form an important part of the networking stack, bridging physical devices to the network layer. In the widely used Open Systems Interconnection (OSI) model, MAC addresses fall into Layer 2, known as the Data Link Layer. They provide a unique identifier for connecting devices and can provide some insight useful in creating initial fingerprints for unknown devices.
Starting with iOS 14, released in September 2020, Apple announced new privacy features focused on preventing tracking and profiling of users. One of the changes was a new feature called Private Wi-Fi Address, which generates a per-network MAC address when connecting to a new network. This private MAC address should not change, provided the iOS device is regularly connected and networking settings are not reset.
Android has adopted a similar feature, initially offering it as an opt-in but in recent releases changing the behavior to be enabled by default. Android 10 and 11 used a similar approach to Apple, generating the initial private MAC for each network and persisting it for a period of time. Since the release of Android 12, however, Android has moved to non-persistent addresses that change as often as every 24 hours.
Other vendors are following suit. Microsoft has MAC randomization in Windows 11, currently as an opt-in feature. We expect most portable computing devices to have this capability in the near future.
Impact to Nodeware
While we strongly support privacy improvements for users, the ability to manage devices on corporate networks is critical. Changing MAC addresses do not prevent scanning from occurring, but they can generate new asset alerts for returning devices and incorrectly inflate asset counts.
Our recommendation is to avoid scanning guest Wi-Fi networks, provided they are properly isolated from the corporate network. This will reduce the churn associated with public networks and reduce the management complexity.
For managed devices connected to an MDM solution, you should have the option to disable MAC randomization. This will ensure a one-to-one mapping of assets and ensure asset tracking can be effective.
If you are seeing a high number of new assets, we recommend verifying your Nodeware Sensor settings to ensure the network ranges you are monitoring do not include guest access.
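One way to spot which monitored ranges are likely carrying guest or unmanaged devices, as an added example that is not Nodeware code: private (randomized) MAC addresses set the locally administered bit (0x02) in the first octet, so a range where most assets carry that bit is worth reviewing. The asset list, the CIDR ranges and the 50% threshold are constructed sample values; some virtual interfaces also use locally administered addresses, so treat the result as a hint rather than proof.

```python
import ipaddress
from collections import defaultdict


def is_locally_administered(mac: str) -> bool:
    """True for a unicast MAC whose locally administered (U/L) bit is set."""
    first_octet = int(mac.replace("-", ":").split(":")[0], 16)
    # 0x02 = locally administered, 0x01 = multicast/group address
    return bool(first_octet & 0x02) and not (first_octet & 0x01)


def randomized_share_by_range(assets, monitored_ranges):
    """Return {cidr: (locally_administered_count, total_count)}."""
    nets = [ipaddress.ip_network(cidr) for cidr in monitored_ranges]
    counts = defaultdict(lambda: [0, 0])
    for mac, ip in assets:
        addr = ipaddress.ip_address(ip)
        for net in nets:
            if addr in net:
                counts[str(net)][1] += 1
                if is_locally_administered(mac):
                    counts[str(net)][0] += 1
                break  # count each asset once, in the first matching range
    return {cidr: tuple(pair) for cidr, pair in counts.items()}


def ranges_to_review(assets, monitored_ranges, threshold=0.5):
    """Ranges where the share of likely randomized MACs exceeds threshold."""
    shares = randomized_share_by_range(assets, monitored_ranges)
    return sorted(cidr for cidr, (flagged, total) in shares.items()
                  if total and flagged / total > threshold)


# Constructed sample inventory: (MAC address, IP address) pairs.
SAMPLE_ASSETS = [
    ("00:1A:2B:3C:4D:5E", "10.0.10.21"),
    ("00:1A:2B:3C:4D:5F", "10.0.10.22"),
    ("3C:22:FB:10:20:30", "10.0.10.23"),
    ("DA:A1:19:00:00:01", "10.0.50.101"),
    ("3E:5B:77:00:00:02", "10.0.50.102"),
    ("F2:0C:41:00:00:03", "10.0.50.103"),
    ("00:1A:2B:3C:4D:60", "10.0.50.104"),
]
# Constructed sample of ranges a sensor is configured to monitor.
SAMPLE_RANGES = ["10.0.10.0/24", "10.0.50.0/24"]

if __name__ == "__main__":
    for cidr in ranges_to_review(SAMPLE_ASSETS, SAMPLE_RANGES):
        print(f"Review {cidr}: most assets use locally administered MACs")
```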