Comment by drnick1
21 hours ago
It is hard to disagree with this approach. While I still use WiFi, it is a separate subnet and only whitelisted MACs are allowed to use it. Cameras and microphones are always unplugged when not in use, and my phone runs GrapheneOS. I also removed the hands-free microphone in my car, as well as the cellular modem.
Is MAC whitelisting anything but security theater? Isn't it trivial to determine a valid client MAC then spoof it?
What makes you say that? It does not seem trivial at all to guess a valid MAC.
It's not just a guess.
Any decent sniffer (e.g. airsnort) can immediately identify all associations between all WiFi/Bluetooth devices. DD-WRT (router firmware/OS) has this WiFi-associations detector built-in ("local WiFi map"). There is no need to attempt any sort of hack — associations are publicly-broadcast information.
Then, just pick any authorized MAC and duplicate it as your own.
The MAC addresses of all the Wi-Fi clients are broadcast in plain radio format all over the 2.4GHz. It is trivial.
It's in management frames that you can sniff.