Can Machine Learning Break Wi-Fi Privacy? A Study on MAC Address Randomization

📅 2026-06-24
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
Although MAC address randomization is designed to protect Wi-Fi privacy, passive adversaries can still track devices by exploiting inherent hardware characteristics. This work proposes a machine learning–based device identification method that constructs a multidimensional fingerprint by decomposing the High Throughput (HT) capabilities information element bit-by-bit and integrating inter-frame arrival times (IFAT) of probe requests with synthetic received signal strength indicators (SRSSI). The authors evaluate three unsupervised clustering algorithms—DBSCAN, K-Means, and OPTICS—on a dataset of 22 devices. Among them, DBSCAN combined with HT bit decomposition and three SRSSI features achieves 89.6% accuracy in global device identification, thereby exposing significant limitations in current Wi-Fi privacy mechanisms.
📝 Abstract
Medium Access Control (MAC) address randomization has been widely adopted during the IEEE 802.11 network discovery phase as a countermeasure against passive tracking. This paper exposes vulnerabilities in these privacy protocols by demonstrating that devices remain identifiable using Machine Learning (ML)-based fingerprinting. To study the potential tracking capabilities of a passive attacker, we evaluate different eavesdropping scenarios and configurations. To this end, we extract unencrypted hardware specifications from Probe Frames, which we combine with the Inter-Probe Frame Arrival Time (IFAT) and Simulated Received Signal Strength Indication (SRSSI) signals. A core contribution of this paper is the bitwise decomposition of the High Throughput (HT) capabilities information field, which improves device identification accuracy. We evaluate this de-randomization approach using three unsupervised clustering algorithms (K-Means, DBSCAN, and OPTICS) across a dataset of 22 devices from six manufacturers. Our results show that DBSCAN, when using decomposed HT capabilities information and three SRSSI measurements, achieves a global accuracy up to 89.6%. This suggests that the existing MAC randomization solutions are insufficient and underscores the need for enhancing privacy within Wi-Fi standardization.
Problem

Research questions and friction points this paper is trying to address.

MAC address randomization
Wi-Fi privacy
device fingerprinting
passive tracking
machine learning
Innovation

Methods, ideas, or system contributions that make the work stand out.

MAC address randomization
machine learning fingerprinting
HT capabilities decomposition
unsupervised clustering
Wi-Fi privacy
🔎 Similar Papers
No similar papers found.