Prerequisites
None
Skills Required
Open source and commercial software tools are available and several commercial advertising companies routinely set up tools to collect and monitor MAC addresses.
Mitigations
Automatic randomization of WiFi MAC addresses
Frequent changing of handset and retransmission device
Related Weaknesses
CWE-ID |
Weakness Name |
CWE-201 |
Insertion of Sensitive Information Into Sent Data The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
CWE-300 |
Channel Accessible by Non-Endpoint The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint. |
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2015-11-09 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2018-07-31 +00:00 |
Updated Attack_Motivation-Consequences |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Weaknesses |