StateFi: Effectively Identifying Wi-Fi Devices through State Transitions

Randomized MAC addresses aim to prevent passive device tracking, yet Wi-Fi management frames still leak structured behavioral patterns. Prior work has relied primarily on syntactic probe-request features such as Information Elements (IEs), sequence numbers (SEQ), or RSSI correlations, which degrade in dense environments and fail under aggressive randomization. We introduce StateFi, a fingerprinting framework that models device behavior as finite-state machines (FSMs), capturing both structural transition patterns and temporal execution logic. These FSMs are embedded into compact feature vectors that support efficient similarity computation and supervised classification. Across five heterogeneous campus environments, StateFi achieves 94-97% accuracy for in-network fingerprinting using full management-frame FSMs. With probe-only FSMs, it re-identifies devices under MAC randomization with up to 97% accuracy across large public datasets comprising more than a million frames. When looking at the discrimination accuracy of the model, StateFi reaches 98%, outperforming the strongest prior signature by up to 17 percentage points. These results demonstrate that FSM-level behavioral dynamics form a powerful and largely unmitigated side channel, stable enough to defeat randomization and expressive enough for robust, scalable device identification.