GoPro, Inc. — 8 prefixes (MA-L)

GoPro, Inc. (San Mateo, CA; founded 2002 by Nick Woodman) holds eight IEEE MA-L blocks, all registered to the same address at 3000 Clearview Way, San Mateo, CA 94402, US. The prefixes attach to the Wi-Fi and Bluetooth Low Energy interfaces embedded in HERO-series action cameras and their accessories, so a GoPro OUI on a network reliably flags a consumer action camera rather than enterprise hardware. Two Wi-Fi modes matter for asset classification: AP mode, where the camera creates its own SSID and a phone or the GoPro app connects to it, and Station mode, where the camera joins an existing network as an ordinary IP endpoint; BLE carries full camera control and metadata alongside. The security posture is the load-bearing reason to surface these devices. Published research documents an unencrypted HTTP command channel on a fixed IP (10.5.5.9), weak and sometimes globally-shared Wi-Fi pairing, Wi-Fi credentials leaked via Bluetooth advertising during pairing, and wake-on-Wi-Fi style listening while the camera appears off — letting a remote attacker disable indicators and record covertly. GoPro has shipped firmware fixes for some issues, but older models remain exposed, so administrators should treat a GoPro OUI as an untrusted consumer-IoT endpoint, not trusted infrastructure. As with all OUI work, IEEE publishes no registration dates; the per-prefix dates seen on third-party lookup tools are database artifacts, not IEEE facts.

IEEE assignment

8 prefixes → GoPro, registered 3000 Clearview Way, San Mateo, CA 94402, US [Confirmed] — IEEE MA-L (enrichment/registries/oui.csv local snapshot)

Registry / block size

MA-L (24-bit OUI); holds 8 IEEE prefixes (~134.2M addresses) [Confirmed] — enrichment/registries/oui.csv; maclookup.app (https://maclookup.app/vendors/gopro). NOTE: IEEE's public OUI data publishes NO assignment/registration date; any "date registered" on third-party tools is a database artifact, not an IEEE fact.

Verified prefixes (all MA-L, GoPro)

04:57:47, 24:74:F7, D4:32:60, F4:DD:9E, D4:D9:19, D8:96:85, 04:41:69, AC:04:AA [Confirmed] — IEEE MA-L / maclookup.app (https://maclookup.app/vendors/gopro)

No MA-M / MA-S entries

not present in mam.csv (MA-M) or oui36.csv (MA-S) [Confirmed] — enrichment/registries

HQ / country

San Mateo, California, US (registry address matches corporate HQ) [Confirmed] — en.wikipedia.org/wiki/GoPro

Company status

active; founded 2002 by Nick Woodman [Confirmed] — en.wikipedia.org/wiki/GoPro

Vendor site

https://gopro.com [Confirmed] — en.wikipedia.org/wiki/GoPro

Device types

HERO-series action cameras (wearable/mountable) and accessories; Wi-Fi- and BLE-enabled consumer video devices [Confirmed] — gopro.github.io/OpenGoPro/docs/, en.wikipedia.org/wiki/GoPro, gethypoxic.com/blogs/technical/gopro-hero5-interfaces

Network modes

Wi-Fi AP mode (camera is the access point) and Station mode (camera joins an existing network); BLE for full control + metadata; USB for data and power [Confirmed] — cascable.se/help/studio/gopro-connection-guide/, gopro.github.io/OpenGoPro/docs/

Registration dates note

third-party aggregators report per-prefix dates from ~2011-08-05 (D8:96:85) to ~2024-09-04 (AC:04:AA); these are database artifacts, not IEEE-published dates — treat as approximate ordering only [Confirmed (as artifacts)] — maclookup.app (https://maclookup.app/vendors/gopro)

IANA reference

none applicable to an OUI entry [Unknown/Not applicable]

Security note

documented Wi-Fi/IoT risks — unencrypted HTTP control on fixed IP 10.5.5.9, weak/globally-shared pairing, Wi-Fi credentials leaked via BLE advertising, covert recording with indicators disabled, wake-on-Wi-Fi listening; some fixed in firmware, older models still affected [Confirmed] — pentestpartners.com (https://www.pentestpartners.com/security-blog/gopro-wi-fi-issues-could-mean-stolen-video-or-worse/), thehackernews.com/2015/03/gopro-wireless-password.html, welivesecurity.com/2015/06/01/gopro-camera-spy/

Analyst note

a GoPro OUI identifies a consumer action camera or accessory — a low-sophistication IoT endpoint, not enterprise gear; flag as untrusted on sensitive networks.