Device identifier claims to stop MAC address abuses

Article By : Majeed Ahmad

A network-centric device identifier claims to provide an answer to MAC address abuses in Wi-Fi networks.

Everyone has been talking about privacy for years, but now that the backlash is big enough for some lawsuits to be filed, a privacy-centric approach to device identity claims to replace media access control (MAC) addresses and redefine device identity management in Wi-Fi networks.

LEVL Technologies has unveiled a software plug-in for home routers that can be downloaded over-the-air (OTA) and does most of the heavy lifting in the cloud. The Palo Alto, California-based company’s LEVL-ID technology facilitates a unique device identifier that is network-specific and is derived and held within the network. So, there is nothing on the device that can be changed or stolen.

illustration for the LEVL-ID software plug-in working on a smartphoneLEVL-ID software plug-in ensures consumer privacy while enabling secure device identification. Source: LEVL Technologies

When Ethernet was designed decades ago, the intent for MAC addresses was to get to the right network and ensure that messages are delivered to the right device. Next, this unique device identifier began to enable network optimization and offer a variety of user personalization services.

However, MAC addresses also got abused. A smartphone constantly sends requests to Wi-Fi access points and access point vendors can collect MAC addresses from these requests, allowing humans’ physical tracking. They can tell exactly where you’ve been. In 2019, for instance, Tik Tok collected hundreds of millions of user MAC addresses by working around Android protections.

Therefore, to counter the MAC address abuse, the industry started to randomize the MAC addresses, so that nobody could track users anymore. In 2014, people began to randomize the scanning, which limited human tracking. Over time, iOS, Android, Windows, and Linux operating systems began hiding the real MAC addresses.

The problem with MAC randomization is that it also impacts the high-value use cases such as parental controls. According to Tim Colleran, vice president at LEVL Technologies, the solution is a privacy-friendly alternative to using MAC identification. “A unique device identifier helps users reclaim consumer privacy without compromise while also providing several personalization services,” Colleran said.

The LEVL-ID software comprises two pieces: a small software plug-in that runs on the Wi-Fi router to extract the full-stack information and a cloud-based service performing the creation, management, and maintenance of LEVL-ID.

“We are pulling data from all seven layers of the network stack, including physical layer (PHY), and there is nothing that goes inside the device,” said Colleran. “The privacy-centric approach to device identity uses some aspects of PHY to improve the accuracy of device identification.”

This article was originally published on EDN.

Majeed Ahmad, Editor-in-Chief of EDN, has covered the electronics design industry for more than two decades.

Related articles:

Leave a comment