MAC Address Scrambling in Linux
“MAC Address Scrambling“- By name itself we can understand, instead of using burned-in address, the machines uses random MAC address. The machine/device changes MAC address regularly to improve security. MAC address is 48 bit hexadecimal digit which is burned in every electronic device has capability of “connectivity” such as mobile devices, smart TV, PC, etc. “Apple” added this feature to iPhones from iOS8 to protect user’s privacy.
So, how does a static MAC address causes some security issues? First thing caught in my mind is this
According to Edward Snowden, the National Security Agency has a system that tracks the movements of everyone in a city by monitoring the MAC addresses of their electronic devices. As a result of users being trackable by their devices’ MAC addresses, Apple has started using random MAC addresses in their iOS line of devices while scanning for networks.If random MAC addresses are not used, researchers have confirmed that it is possible to link a real identity to a particular wireless MAC address.
As I said it is “Burned-in”, means it never changes which network you connect unlike IP address. Another possible attack is “Man-in-Middle” with ARP poisoning. I highly recommend you to read wikipedia article: ARP spoofing for better understanding of ARP poisoning. IEEE group also recommends random MAC address for Wifi security. Read this article for more info
For Linux, soon will get this feature. But now, I made a script(init script: I know init scripts are not meant for this, but I made it anyway!) which changes MAC address on every time machine boots. Not only on boot, we can change whenever we want with simple command and can restore to original or we can go one step further with cron job to schedule the script that changes MAC address for every 1 hour or 30 minutes (Depends on your need).
It is a shell script uses macchanger, which executes every time machine boots thus the interface gets random MAC address every time.
NOTE: The “macchanger” or any other script never changes the device’s actual MAC address which is burned on the interface, but macchanger create a proxy which machines uses this proxy MAC address for network communication
How to install?
sudo apt-get update && sudo apt-get install macchanger -y
Download and place
changerscript in /etc/init.d/
wget -q -O /etc/init.d/changer https://goo.gl/tRfoJo
Give executable permission
sudo chmod +x /etc/init.d/changer
sudo update-rc.d changer defaults
Or simply, you can run my One Installer script and choose ‘Changer init script’ in menu as you see in below screenshot
- Change the interface in
changerafter you download, by default the interface is
- There will be network restart when you run
service changer newor
service changer restore
- Kali Linux’s latest version(kali-rolling) has this feature. While upgrading(apt-get install upgrade), there is macchanger prompt asking to enable this feature.