Wi-Fi Fingerprints -- the End of MAC Spoofing?

judgecorp writes, "Wireless devices can be identified by variations in their radio signaling, known as their 'transceiverprint,' according to research reported in Techworld. The Canadian researcher, Jeyanthi Hall, related the prints to MAC addresses and got a positive ID for devices connecting to a Wi-Fi network, claiming 95% success with no false positives. Once they work out how to do this without a dedicated signal analyzer and neural network processing, it's the end of MAC spoofing on wireless networks."

The sample was 15 devices

[giafly]

As a doctoral student, Dr Hall analysed the RF signals of fifteen devices from six manufacturers, and found it was possible to distinguish clearly, even between devices from the same manufacturer. Using "transceiverprints," Dr Hall got a detection rate of 95 percent, and a false positive rate of zero, according to papers submitted to various conferences, including IEEE events on wireless and security.

So I'm convinced.

Re:The sample was 15 devices

[slew]

Okay, a show of hands, how many folks use centrino wireless vs buying a wireless card for their old computer? Now how many will buy a computer in the next year which has integrated wireless. How many of those will buy centrino wireless?

Does anyone remember the good old days when your garage remote control that you just bought from sears would open the door down the street? That's why they had to put in the codes. Just relying on a "fingerprint" when the majority of devices are from the same manufacturer is just a false sense of security.

However, if you really want to be scared, just google "bump key"...

Re:Just spoof the fingerprint

[tppublic]

Trying to spoof using a hardcoded solution out of a fab is borderline impossible - I agree. However, you seem to presume that the only method of spoofing is to have (hardcoded) hardware that is identical. Given some (albeit not complete) knowledge of how analog electronics work, I'm not sure that is the only method of achieving such a result.

It seems to me one could build analog electronics that allows signal parameters (frequency, rise time, etc.) to be electronically tuned based on the detected signal... after all, if they can identify a signal with high accuracy, then the traits to be spoofed may be distinguishable enough to be accurately measured.

Given a sufficiently powerful software defined radio, a tunable amplifier and a tunable antenna, I don't think this is impossible. It's a heck of a lot more expensive than a WLAN card, for sure. It's also a problem that a neural network is used for identification, since neural networks are a notoriously poor analysis tool from which to extract usable rules. However, given their sample size and lack of other info in the article (of other methods of forecast analysis), it is difficult to say whether the required system is so complicated that it is an intractable problem to reverse engineer the measured characteristics. I'm not convinced it is.

I don't think so.....

[postbigbang]

Here's what you can make in terms of a signature:

1. Amplitude
2. Phase shift
3. Signal cadencing... e.g. micro-sliced events
4. Parasitics
5. Encoding profiling.

And the success is 95%. That's wonderful. Bring it on.

In terms of your supposition that it would have to be "100 percent atom for atom identical" is pure hubris. You obviously have little engineering training. Try again.

Re:Moo

[Keebler71]

Not really - the fingerprinting is an artifact of the fabrication process. Manufacturing irregularities cause small and unique modulation errors on each pulse. It is these errors that allow the "fingerprinting". You can't correct for this in software - and good luck hacking your wireless board at the nano-component level.