For making an (until now, un-) educated guess about the necessity of spending the effort of including the “Bluetooth LE Privacy” feature in a consumer, embedded device’s BT software, I am seeking information about the “necessity” from an information security standpoint of offering this feature – is it useful? does it really solve a security issue or is it already broken?
The BT SIG itself is fairly quiet about this feature besides well-worded blog posts, so shedding a little light on this would help tremendously in making the decision to “go the extra mile” or just leave it aside.
Go to Source
In a standard 48-bit MAC address, the 7th (most significant) bit specifies whether it is a universally-administered address (UAA) or a locally-administered address (LAA).
If it is 0, then the MAC address is a UAA and the first 24-bits are the organizationally-unique identifier (OUI) of the manufacturer of the network interface card (NIC).
If it is 1, then the MAC address is just an LAA.
Many drivers and NIC’s often allow users to modify the MAC address of their device.
But, it seems Windows does not allow modifying mac addresses to universal ones (i.e., UAA’s): https://superuser.com/questions/1265544/
What is the reason for this restriction? Are there security implications if this was not the case? Or, perhaps, is this merely just to prevent someone from spoofing a device as some legitimate company’s network communications product? (to their ISP)
Go to Source