Chris HoffmanEditor-in-Chief

Chris Hoffman is Editor-in-Chief of How-To Geek. He"s composed about an innovation for over a decade and was a PCWorld columnist for 2 years. Chris has actually written because that The new York Times, been interviewed as a technology expert ~ above TV stations choose Miami"s NBC 6, and had his work covered through news outlets choose the BBC. Due to the fact that 2011, Chris has actually written end 2,000 articles that have been read almost one billion times---and that"s just right here at How-To Geek. Review more...

You are watching: Which of these is a vulnerability of mac address filtering?

About How-To Geek
UpdatedJul 10, 2017, 2:42 pm EDT| 4 min read

MAC deal with filtering allows you to specify a list of devices and also only enable those tools on your Wi-Fi network. That’s the theory, anyway. In practice, this defense is tedious to set up and easy to breach.

This is among the Wi-Fi router features that will provide you a false sense of security. Just using WPA2 encryption is enough. Some human being like making use of MAC address filtering, yet it’s not a security feature.

How MAC address Filtering Works

RELATED: Don"t have a False feeling of Security: 5 Insecure means to Secure her Wi-Fi

Each device you own comes with a unique media access control attend to (MAC address) the identifies the on a network. Normally, a router permits any device to attach — as long as it to know the appropriate passphrase. Through MAC address filtering a router will an initial compare a device’s MAC attend to against an approved list of MAC addresses and only permit a an equipment onto the Wi-Fi network if the MAC address has been particularly approved.

Your router probably enables you to configure a list of enabled MAC addresses in its web interface, enabling you to choose which devices can affix to her network.


MAC deal with Filtering offers No Security

So far, this sound pretty good. Yet MAC addresses can be easily spoofed in many operating systems, for this reason any an equipment could ~ pretend to have one the those allowed, distinct MAC addresses.

MAC addresses are easy to get, too. They’re sent over the air v each packet walk to and also from the device, as the MAC deal with is used to ensure each packet it s okay to the right device.

RELATED: How one Attacker could Crack her Wireless Network Security

All an attacker needs to do is monitor the Wi-Fi website traffic for a 2nd or two, examine a packet to uncover the MAC deal with of an allowed device, readjust their device’s MAC deal with to that permitted MAC address, and also connect in that device’s place. You may be reasoning that this will certainly not be feasible because the maker is already connected, yet a “deauth” or “deassoc” assault that forcibly disconnects a an equipment from a Wi-Fi network will permit an attacker to reconnect in that place.

We’re not exagerating here. An attacker through a toolset prefer Kali Linux deserve to use Wireshark to eavesdrop ~ above a packet, operation a quick command to readjust their MAC address, use aireplay-ng come send deassociation packets to that client, and also then attach in that place. This entire process could quickly take much less than 30 seconds. And also that’s simply the manual an approach that entails doing each action by hand — never ever mind the automated tools or covering scripts that can make this faster.


WPA2 Encryption Is Enough

RELATED: Your Wi-Fi"s WPA2 Encryption deserve to Be Cracked Offline: Here"s How

At this point, you may be thinking that MAC deal with filtering isn’t foolproof, yet offers some extr protection over just using encryption. That’s sort of true, however not really.

Basically, as long as you have a solid passphrase with WPA2 encryption, the encryption will certainly be the hardest thing to crack. If an attacker have the right to crack your WPA2 encryption, it will be trivial for them come trick the MAC attend to filtering. If an attacker would certainly be stumped by the MAC resolve filtering, they absolutely won’t have the ability to break her encryption in the an initial place.

Think of that like including a bicycle lock to a bank vault door. Any kind of bank robbers the can get through that bank vault door will have actually no trouble cutting a bicycle lock. You’ve added no real extr security, however every time a financial institution employee demands to accessibility the vault, they have to spend time managing the cycle lock.


It’s Tedious and Time-Consuming

RELATED: 10 Useful choices You have the right to Configure In your Router"s net Interface

The time spent managing this is the key reason you shouldn’t bother. Once you collection up MAC resolve filtering in the an initial place, you’ll need to gain the MAC address from every machine in your family and allow it in your router’s internet interface. This will certainly take some time if you have a most Wi-Fi-enabled devices, as most human being do.

Whenever you get a new device — or a guest come over and also needs to use your Wi-Fi on their devices — you’ll have actually to get in your router’s web user interface and include the brand-new MAC addresses. This is on optimal of the usual setup procedure where you need to plug in the Wi-Fi passphrase right into each device.

This just adds extr work to her life. The effort should pay off with better security, but the miniscule-to-nonexistent an increase in defense you obtain makes this no worth her time.

This Is a Network administration Feature

MAC resolve filtering, effectively used, is much more of a network management feature 보다 a protection feature. That won’t protect you against outsiders trying to proactively crack her encryption and get onto her network. However, the will enable you to select which gadgets are permitted online.

For example, if you have actually kids, you can use MAC deal with filtering to disallow your laptop or smartphpone native accessing the Wi-FI network if you need to ground them and also take away net access. The kids could get around these parental controls with some an easy tools, however they don’t recognize that.

That’s why plenty of routers also have other functions that depend on a device’s MAC address. For example, lock might permit you to allow web filtering on particular MAC addresses. Or, you have the right to prevent devices with particular MAC addresses from accessing the web during school hours. This aren’t really protection features, together they’re no designed to stop an attacker that knows what they’re doing.

See more: How To Make Purple Fire - Easy Tricks To Change The Color Of Your Campfire!


If you really want to use MAC deal with filtering to specify a list of devices and their MAC addresses and provide the perform of gadgets that are permitted on her network, feeling free. Some people actually reap this sort of management on part level. But MAC deal with filtering offers no real boost to your Wi-Fi security, so girlfriend shouldn’t feeling compelled come use it. Most human being shouldn’t bother through MAC deal with filtering, and also — if they carry out — should recognize it’s no really a defense feature.

Image Credit: nseika top top Flickr

Chris HoffmanChris Hoffman is Editor-in-Chief of How-To Geek. He"s created about technology for over a decade and also was a PCWorld columnist for two years. Chris has written because that The brand-new York Times, been interviewed together a modern technology expert top top TV stations favor Miami"s NBC 6, and also had his work covered by news outlets choose the BBC. Since 2011, Chris has actually written end 2,000 articles that have actually been read virtually one billion times---and that"s just right here at How-To Geek. Read full Bio »