WLAN network search: Smartphones reveal sensitive data

Researchers recorded WiFi connection requests from passers-by. Almost a quarter of all test requests revealed the SSIDs of networks.

Researchers from the University of Hamburg conducted in November 2021 carried out a field experiment in an unnamed German city. For study purposes, they recorded the WiFi connection requests from thousands of passers-by. Using the data obtained, they wanted to find out what private information leaked out during WiFi probing. Bleeping Computer reported on this.

WiFi probing is a standard process whose purpose is to connect the smartphone to trustworthy WiFi networks in the background as a convenience function. Mobile devices do this by sending probing requests to get information about nearby Wi-Fi networks and establish a Wi-Fi connection. An access point receiving a probe request replies with a probe response, resulting in a connection being established. The procedure is considered DSVGO-compliant because anonymized MAC addresses are used in this tracking form. According to Bleeping Computer, retailers also use WiFi probing for customer tracking.

However, depending on the device age and operating system, probing requests can also reveal sensitive data about the device owner. For example, a request may include the Preferred Network List (PNL), which includes networks identified by their so-called Service Set Identifiers (SSIDs). Unlike randomized MAC addresses, PNLs remain consistent over time. This means they could be used to identify and track devices.

With WiFi connection requests to sensitive data

The researchers demonstrated in their study how to accomplish this type of device tracking. To do this, they recorded WLAN connection requests from passers-by who happened to be passing by without their knowledge. They placed six antennas in a busy pedestrian zone. Over a period of three hours, they drew 252.242 requests for inspection. From that 116.961 (46,4%) in the 2.4 GHz spectrum, of which 28.653 (24,7%) contained at least one SSID. In the 5 GHz spectrum, the experts held 135.281 test requests (58,6 %), of which contained 28.653 (21,9% ) an SSID.

Access data from FritzBoxes and Telekom routers visible

The 252.242 Test requests therefore contained 29.242 SSIDs. At 21,2% of the cases, the requests included the names of the networks to which the smartphones were connected in the past. In some cases these SSIDs hid numeric strings with 16 or more digits. The researchers suspect that these are default passwords for home routers.

Further analysis revealed that the recorded SSIDs also included strings that corresponded to the WiFi networks of shops. The experts identified 106 different first and/or last names, three E -Mail addresses and 92 different holiday homes or accommodations, the users previously added as trusted networks. The researchers stated:

“Snapping passwords in SSIDs is especially critical when the device transmits not only the password but also the real SSID either correctly or with a typo, from which one can deduce the real SSID. The assumption that the sniffed passwords match the SSIDs that were also broadcast could be further verified by quickly setting up fake access points with the potential credentials we observed.

The newer a device and its operating system, the more information and fields are omitted randomized in the probe requests. Nevertheless, even modern devices can, due to other information they contain, e.g. B. in the information elements (IE), are provided with a fingerprint. These non-mandatory parameters include information about supported rates, network capabilities, and more. The combination of the IE parameters, the signal strength and in some cases the sequence number makes it possible to fingerprint individual devices despite MAC address randomization.”

Privacy tips

Researchers advise not to use smartphones running Android 8. iOS 09 and Android 09 and newer contain the strongest data protection measures regarding audit requests. They are therefore the preferred options to avoid device identification and location tracking. Users can also prevent their devices from sending Wi-Fi probe requests when they are in public by turning off Wi-Fi.

Finally, users running Android 11 and higher, enable Advanced MAC Randomization in Developer Options to further increase your privacy protection. You should also remove the SSIDs that you no longer use.


About Antonia Frank

Antonia has been with us since January 2016 Writer at the Invisibility Cloak. She started out with book reviews. In the meantime, she prefers to write about legal topics, such as P2P cases, but she also takes up other Internet topics, such as cybercrime. Her interests are mainly related to literature.

2021 2021


Related Articles

Back to top button