Method 9: MAC Filtering

2 Shields

By setting up a MAC address filter, the WiFi router will only allow those devices on the list to connect. Even if the WiFi security credentials (e.g. WPA password) are known, unless the device is on the list, the WiFi router will not allow it to connect.

By using the right tools, hackers can determine the MAC address of a device allowed to connect to the WiFi router. They can then spoof that device by configuring their own device to use the valid MAC address.

MAC filtering only rates 2/5 shields. MAC filtering is a good way to keep unsophisticated users (perhaps neighbours) from connecting devices to the WiFi router, even if they are able to determine the passphrase or key for any WiFi security that is enabled. Unfortunately, it doesn’t take a lot of sophistication to work around this feature by having a connecting device pretend to be an authorized device by spoofing its MAC address (aka BSSID).

Unfortunately, a number of those network devices allow the MAC address to be specified by the user, in addition to being uniquely allocated to the device. This means anyone can pretend to be anyone else by simply specifying the other device’s MAC address as their own.

MAC filtering was designed as a way to ensure that only authorized devices were physically connecting to the network. Since each network device has a unique MAC address, administrators can create a whitelist (or blacklist) of devices that they want to allow (or disallow) to connect.

Airodump Survey

 

In the image above, we can see that the WileCoyote1 WiFi router (MAC address C8:BE:19:6C:3F:9F) has allowed a connection to a client device (MAC address D0:E1:40:2E:A5:A5).

On the router, the connected device list looks like this:

Connected Devices

On the hacker’s device, they can specify the MAC address of the iPhone as their own:

Spoof Setup

Once completed, they can then connect to the WileCoyote1 WiFi router, pretending to be the iPhone:

Spoof Connected

The hacker’s box is now successfully connecting to the WiFi device, masquerading as the iPhone by using its MAC address.

Spoof Connections

And on the WiFi router? Notice the name change. It really is that simple to have one wireless device pretend to be (spoof) another device.