Abstract
Probe requests help mobile devices discover active Wi-Fi networks. They often contain a multitude of data that can be used to identify and track devices and thereby their users. The past years have been a cat-and-mouse game of improving fingerprinting and introducing countermeasures against fingerprinting.
This paper analyses the content of probe requests sent by mobile devices and operating systems in a field experiment. In it, we discover that users (probably by accident) input a wealth of data into the SSID field and find passwords, e-mail addresses, names and holiday locations. With these findings we underline that probe requests should be considered sensitive data and be well protected. To preserve user privacy, we suggest and evaluate a privacy-friendly hash-based construction of probe requests and improved user controls.
Acknowledgements
We would like to thank our reviewers for their valuable and constructive feedback.
A Appendix
A.1 Ethical collection of probe requests
Following approval and in coordination with the ethics committee of the informatics faculty of the University of Hamburg, we conformed to the following measures to observe and protect users’ privacy rights:
- During the experiment, we set up a clearly visible sign announcing the ongoing probe request monitoring, including information on how to contact the person in charge.
- We informed and obtained consent from building management to conduct the experiment.
- We provided an option to remove recorded probe requests should participants state their non-consent.
- We used off-the-shelf wireless USB antennae with a limited range to narrow the radius of our measurement.
- In case the data set contains personal information, we either anonymise it before storing, or delete it directly after analysing it.
- Any personal data is stored securely, both technically and organisationally, to prevent misuse.
- To preserve location privacy, we limit the number of decimal places of the coordinates returned by WiGLE to 2, thereby providing an approximate 1-kilometre radius in which the actual network can be found.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Ansohn McDougall, J., Burkert, C., Demmler, D., Schwarz, M., Hubbe, V., Federrath, H. (2022). Probing for Passwords – Privacy Implications of SSIDs in Probe Requests. In: Ateniese, G., Venturi, D. (eds) Applied Cryptography and Network Security. ACNS 2022. Lecture Notes in Computer Science, vol 13269. Springer, Cham. https://doi.org/10.1007/978-3-031-09234-3_19
DOI: https://doi.org/10.1007/978-3-031-09234-3_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-09233-6
Online ISBN: 978-3-031-09234-3
eBook Packages: Computer Science, Computer Science (R0)