Use random MAC address

BR/EDR

BLE

A MAC (Media Access Control) address is a unique identifier assigned to a device’s network interface to identify it on a network. These addresses are used in communication networks that use protocols from the IEEE 802 family, including Bluetooth (IEEE 802.15.1).

In Bluetooth, there are two types of MAC addresses:

  • Public MAC Address: This address is the actual and fixed device identification, which cannot be changed.
  • Random MAC Address: This address is randomly generated to represent the device and can be altered.

Within the group of Random MAC Addresses, there are two subgroups: those that allow connection to the device and those that do not.

The Random MAC Addresses that permit connection and access to a set of Bluetooth services do not necessarily need to be resolved against the Public MAC Address. However, it is possible to calculate the Public MAC Address from a Random MAC Address.

The generation of Random MAC Addresses during device discovery is essential to prevent attacks such as BlueTrust.

Note: There is a similarity between the real MAC address in Wi-Fi and the Public MAC Address in Bluetooth, just as there is a similarity between the random MAC address in Wi-Fi and the Random MAC Address in Bluetooth.

Description

During the advertising process, it’s necessary to verify if the device is generating a random address by inspecting the corresponding field in the HCI_LE_Extended_Advertising_Report message. The Address_Type[i] field can take on the following values:

Value              Parameter Description
0x00               Public Device Address
0x01               Random Device Address
0x02               Public Identity Address (corresponds to Resolved Private Address)
0x03               Random (static) Identity Address (corresponds to Resolved Private Address)
0xFF               No Address provided (anonymous advertisement)
All other values   Reserved for future use

This check is considered satisfactory when the value in the field Address_Type is 1, 2, or 3.

Example case

Opening Wireshark with BTVS (btvs.exe -Mode Wireshark) allows reading the discovery messages of nearby devices. One of the tags shown in the advertisement packets is the type of MAC address, indicated by the Address Type field, in this case with a value of 0x00 (Public Device Address).

Wireshark LE Meta Address Type

The MAC address type is specified according to the Bluetooth standard. In general terms, the obtained value will be in the range of 0x00 to 0x03.

The check FAILS when the value is 0x00.
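The same check can be scripted over raw HCI events instead of being read off in Wireshark. The following is an added example, not part of the original methodology: it parses an LE Extended Advertising Report event (without the H4 packet indicator byte), extracts Address_Type for every report and applies the PASS/FAIL criterion above. It assumes reports are serialized one after another; the sample packet, the addresses, the helper names and the "N/A" verdict for values the criterion does not cover are constructed for illustration.

```python
import struct

ADDRESS_TYPES = {0x00: "Public Device Address", 0x01: "Random Device Address",
                 0x02: "Public Identity Address", 0x03: "Random (static) Identity Address",
                 0xFF: "No Address provided (anonymous advertisement)"}
# Sub-type of a Random Device Address, from the two most significant address bits.
RANDOM_SUBTYPES = {0b11: "static", 0b01: "resolvable private", 0b00: "non-resolvable private"}
FIXED_LEN = 24  # bytes per report before the variable-length Data field

def parse_ext_adv_reports(event: bytes):
    """Yield (address, address_type) per report; reports assumed serialized back to back."""
    code, plen, subevent, num_reports = struct.unpack_from("<BBBB", event, 0)
    if code != 0x3E or subevent != 0x0D:   # LE Meta event, Extended Advertising Report
        raise ValueError("not an LE Extended Advertising Report event")
    if plen != len(event) - 2:
        raise ValueError("parameter length does not match packet size")
    off = 4
    for _ in range(num_reports):
        if off + FIXED_LEN > len(event):
            raise ValueError("truncated report")
        addr_type = event[off + 2]                 # follows the 2-byte Event_Type
        addr = event[off + 3:off + 9][::-1]        # sent least significant byte first
        data_len = event[off + FIXED_LEN - 1]
        off += FIXED_LEN + data_len
        if off > len(event):
            raise ValueError("truncated advertising data")
        yield addr.hex(":").upper(), addr_type

def check_address_type(addr: str, addr_type: int):
    """PASS for 0x01-0x03, FAIL for 0x00; other values get 'N/A' (assumption)."""
    label = ADDRESS_TYPES.get(addr_type, "Reserved for future use")
    if addr_type == 0x01:
        label += " (" + RANDOM_SUBTYPES.get(int(addr[:2], 16) >> 6, "reserved") + ")"
    verdict = "PASS" if addr_type in (1, 2, 3) else "FAIL" if addr_type == 0 else "N/A"
    return verdict, label

def build_report(addr_type: int, addr: str, data: bytes = b"") -> bytes:
    """Constructed sample report; fields other than the address ones are arbitrary."""
    return (struct.pack("<HB", 0x0013, addr_type) + bytes.fromhex(addr.replace(":", ""))[::-1]
            + struct.pack("<BBBbbHB", 1, 0, 0xFF, 127, -60, 0, 0) + bytes(6)
            + bytes([len(data)]) + data)

def build_event(*reports: bytes) -> bytes:
    params = bytes([0x0D, len(reports)]) + b"".join(reports)
    return bytes([0x3E, len(params)]) + params

SAMPLE = build_event(build_report(0x00, "00:1A:7D:DA:71:13", b"\x02\x01\x06"),
                     build_report(0x01, "5C:31:3E:12:34:56"))
RESULTS = [check_address_type(a, t) for a, t in parse_ext_adv_reports(SAMPLE)]
```

For the constructed sample, the first report fails the check (Public Device Address) and the second passes as a resolvable private Random Device Address.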

External references

  • Bluetooth Core V5.3, Vol. 3, Part C, Section 10.8 Random Device Address
  • Bluetooth Core V5.3, Vol. 1, Part A, Section 2.1.1.3 Security Manager Protocol
  • Bluetooth Core V5.3, Vol. 4, Part H, Section 7.7.65.13 LE Extended Advertising Report event