Why is MAC-based authentication insecure?

Most wireless routers can use MAC-based authentication as part of their overall security scheme. It seems like a good idea, but I've heard that it is very ineffective, because it's easy to spoof MAC addresses.

I believe that it's easy to spoof these addresses, but I don't see how that's a problem. Wouldn't hackers still need to know what MAC address to pretend to have? There are 16^16 possible MAC addresses, so that doesn't seem like too big of a problem to me. Can anyone explain?

In an ethernet network the MAC address is used to uniquely identify each node (computer etc) on the network. Every packet broadcast over the network must contain the MAC address of the intended receiver to ensure packets get where they need to go.

Therefore using a packet sniffing tool it is quite easy to extract valid MAC addresses "off the wire". Once you have the MAC address, as you already know, spoofing the MAC address is even easier.

Also, I seem to remember that MAC addresses are part of the OSI Data Link layer (level 2) and are still visible in packets even if encryption such as WEP / WPA2 is used. This may have changed more recently however.

Even with wireless encryption enabled, MAC addresses are sent unencrypted. The reason for this is that if you encrypted the MAC address, every client on the wireless network would need to decrypt every single packet, just to find out whether it was sent to them or not.

Imagine watching a Netflix movie on your laptop using your home wireless connection, with a smartphone in your pocket also connected to the wifi. Your phone would need to receive every packet containing the streaming movie, decrypt it, then discard it. This would consume a huge amount of CPU and battery for no real reason.

Since the MAC address in each packet is always unencrypted, it's trivial for any attacker to run a packet sniffer, get a list of all the MAC addresses communicating on the network, then impersonate one of them.

Security Now podcast #11 (MP3, transcript) covers MAC filtering as well as WEP, disabling SSID broadcasts, and other ineffective ways of securing a wireless network.

It's only insecure if you actually have something valuable to protect. If you're just trying to prevent unauthorized users from using your wireless connection MAC-based authentication is fine.

MAC addresses aren't intended to be kept private, so it's very easy for someone to clone it.

It's bad because those who use it, apparently think it makes things more secure. And it's that wrong feeling of security that's the problem.

(Don't bother to filter on MAC-address, nor to hide the SSID. Use WPA or WPA2 with a good passphrase instead.)

In computer security there is a statement "Users are the weakest links in the security chain " So I can imagine a one situation.

Say an internal user wants to do something "illegal".. So in this case he can use the MAC of his own machine and do whatever thing he want. Since the admins can see it is a "hack" there is no responsibility of the real user.

And as far as I know a user can scan for the MAC addresses within the LAN. I think packet sniffer tools can retrieve them. So in that case he can steal a MAC of a his mate as well.

Don't think the hackers are from the outside. They may be insiders as well.

How to differentiate series $\sum_{n=1}^{100} n(101 - n) \times \log(x - n)$

Prove that $\sum_{k=0}^{n} \frac{1}{4^{k}}=\frac{4}{3}-\frac{1}{3 \cdot 4^{n}}$ converges to $\frac{4}{3}$ using the $\varepsilon-N$ proof

The largest component of G(n, p)

Understanding the proof of Definition by Recursion

All elementary toposes have finite colimits

$\mu \otimes \nu(A \times B)=\mu(A)\nu(B)$

How to solve this functional equation $f(xf(y))+y+f(x)=f(x+f(y))+yf(x)$?

Complex functions whose derivative is itself

The proof that if f(x) is continuous at x=c, then 1/f(x) is continuous at x=c

Is every contractible subspace of a contractible space a deformation retract or retract?

Solution to $x'=x\sin(\frac{\pi}{x})$ is unique