Certain Atheros wireless drivers do not properly update the MAC address when changed (spoofed) by a user. This allows an active attacker to retrieve the original MAC address. In short, spoofing your MAC address does not always hide the original MAC address. http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html -- Clauz