Spoofing IoT Device MAC Addresses

2 minute read Updated

Connecting devices like the RPi or Apple TV to public networks requiring browser-based auth can be a drag. But that shouldn't stop you from hacking your way in. Find out how.

Imagine your sitting at a cafe on some exotic island after your last visa run to Sim Lim Square in Singapore where you picked up a CCTV Wi-Fi camera to protect your valuables and nerd out on gadgets.

You unbox your new toy only to realize you can’t connect it because the cafe you’re sitting at is using a captive portal.

Gah! What to do… Shell into the device and use wget or curl? Fuggetaboutit.

You reach into your Tortuga carry-on bag, pull out your laptop and do the only sensible thing you can think of—spoof the device’s MAC address.

Here’s how to spoof the MAC address of an IoT device using macOS.

How to Spoof the MAC address of an IoT device

First, disconnect from the network. This can be done from the Wi-Fi drop-down menu appearing when you Option-Click the Wi-Fi signal icon near the system clock.

Then press Command-Space to reveal Spotlight, open Network Utility and copy the Hardware Address for Wi-Fi.

Take note of the specific interface used, i.e. en0.

Next, open Terminal.app in macOS and enter the the following command to temporarily adjust the MAC address broadcast to that of the device to spoof:

$ sudo ifconfig en0 ether 98:01:a7:a1:f6:77

Confirm the change by grepping the ether setting of the interface used:

$ ifconfig en0 | grep ether

If everything looks good reconnect to the network, authenticate using a browser and then set the MAC to its original Hardware Address.

Once finished disconnect macOS from the network and set the MAC address broadcast back to its original Hardware Address.

That’s it!

You should now be able to connect your IoT device to the network without further authentication, at least for the time-being.

Spoofing MAC addresses works great at cafes, coworking spots, hotels and more. Use it to connect cameras, Apple TV, Raspberry Pi you name it. Just mind the security of the network you’re on and take care to encrypt any sensitive data being sent in the clear.

Ledger Nano X - The secure hardware wallet