Research Finds MAC Address Hashing Not a Fix for Privacy Problems

research project done by a graduate student at Stanford on the security of hashed MAC addresses in retail analytics software has shown that to be true once again.
One of the things that has raised the hackles of privacy advocates in recent years is the rise of passive tracking of consumers’ mobile devices as they move through stores, coffee shops, malls and other locations. Retailers can use software that detects the network announcements that cell phones with WiFi and Bluetooth enabled make periodically in order to track a given person’s device. This allows retail analytics firms to build databases that include the various locations that a device has been tracked in over a period of time.
This presents some rather obvious privacy issues, because most consumers have no idea that their devices are sending out these signals, let alone that retailers are gathering the information and building massive databases with the results. In October, a code of conduct surrounding retail analytics was released, and one of the provisions is for firms to hash the MAC addresses of users’ devices after they’re collected as a way to preserve users’ privacy. Jonathan Mayer, a PhD student at Stanford University, decided to take a look at how difficult it would be to reverse the hash of a given device’s MAC address, something that is meant to be quite difficult.
Hash functions take an input, in this case a device’s MAC address, and produce a random series of letters and numbers as the output, the hash value.

View full post on Who Got Hacked – Latest Hacking News and Security Updates