By Charles Miller
Every computer, smart phone, tablet, smart TV, and every IoT (internet of things) device connected to the internet has a unique MAC (media access control) address. A MAC address is similar in many ways to a serial number that is uniquely assigned to your device. Your MAC address along with your internet IP address is what allows a device to be connected to the internet.
Back in the earliest days of public access to the internet, the early 1990s, local internet service providers (ISPs) quickly took advantage of what they saw as a money-making opportunity. The local cable company where I lived in East Texas was the first to provide broadband internet to the public, and to connect one computer to the internet they required its MAC address. Then if you had two computers, it was obligatory to tell them the MAC address of that second computer, and you were charged double; if you had three computers, you paid triple the monthly charge.
It did not take long for computer techies like me to figure out that it was simple (and legal under U.S. law) to give the cable company the MAC address for one computer, pay for one computer, then “clone” that MAC address into a router. The router would then identify itself to the cable company’s server as that computer (not a router), and it would pretend to be the computer. The router would then route traffic to other computers in the house. The cable company was blind to this because it could not see what was going on inside the router. All the ISP could see is that it was connecting one MAC… and it was really busy.
A client recently shared with me a message received from her ISP in response to a complaint about her service. It stated that she was paying for 20 Mbps speed, and the company had probed the router inside her house to verify she was actually receiving 43. Then it went on to say that the ISP could see that she had eight devices connected to the internet: three hard-wired and five Wi-Fi. That was ever so slightly discomforting to me because I realized the ISP could easily have gone on to say that the MAC addresses showed that those eight devices were a Dell laptop, two iPhones, Samsung TV, Amazon Firestick, and three security cameras.
I called that discomforting because if devices such as the security cameras can be detected, they can be hacked. You trust your ISP is not going to do that, but rest assured there are gangs of Chinese and Russian criminals ready to try. From a security standpoint it would be much more secure if your ISP, along with all malicious hackers, were blind to what equipment you have inside your house. That is the case if you have your own router, but if you are among the large number of internet users who are using hardware provided by the telephone company or cable company you could be vulnerable.
There is always a tradeoff between security and convenience, and always the case that achieving security should be balanced against whether or not there is any need to pay for extra security. Be sure to pick up your copy of Atención next week to continue exploring this topic.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.
