Wireless networks have become commonplace. For example, many people use a wireless access point to provide an internet connection to multiple TCP/IP enabled devices within their home. The access points typically operate using a version of the IEEE 802.11 wireless local area network standards (i.e., the 802.11a, b, g or n standards). Desktop PCs, laptop PCs, mobile telephones, VoIP telephones, tablet PCs, net-books, video game consoles, among other devices, can all connect to wireless networks operating according to these standards.
Wireless access points come configured with a globally unique 48-bit quantity assigned to every interface. This address is commonly called a “burned-in” MAC (Media Access Control) address. In the process of communicating with other wireless devices, this address is exposed to any receiver within range of the transmitted signal. Even when no communication is active, the access point typically exposes the burned-in MAC address as part of a periodically transmitted service-station identifier (SSID) broadcast. The SSID broadcast is used by wireless devices to identify the network associated with the wireless access point, as well as to obtain information used to send a request to attach to the wireless network, e.g., to obtain information used to generate a Dynamic Host Configuration Protocol (DHCP) request for an internet protocol address.
As noted, wireless access points typically broadcast the burned-in MAC address as part of normal operation. While the 802.11 standards allow the SSID broadcast to be disabled, the overwhelming majority of access points leave the SSID broadcast active. As a result, anyone with a wireless device can obtain the MAC address simply by being within range of the access point (typically 100 meters or less), and wi-fi sniffing devices are readily available which can collect this information. Further, large coordinated collection efforts have resulted in databases of information that correlate geophysical location data with the burned-in MAC address of access points. Thus, in some cases, the MAC address of a given access point can be used to learn the geophysical location of that access point. Combining the availability of these databases with the ability of malicious software to learn the MAC address of an access point, without needing to be within physical proximity to the access point, results in an exploit technique which may result in the unwanted disclosure of a person's general location.