Automatic Attendance Taking: A Proof of Concept on Privacy Concerns in 802.11 MAC Address Probing

  • Yichiet AunEmail author
  • Ming-Lee Gan
  • Yen-Min Jasmina KhawEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)


Modern data communication paradigm involves many unsolicited data transmissions that poses privacy issues given the proliferation of big data and artificial intelligence (A.I.). In 802.x protocol which dominate wireless communication; Wi-Fi enabled devices voluntarily embed devices MAC address during SSID discovery when connecting to access point (AP). Such vulnerability has been massively exploited for unauthorized devices tracking without user consents. This paper proposed an opportunistic attendance taking system (OATA) using MAC address probing as a proof of concepts to demonstrate the significance of this exploit. The intuition is that student’s attendance can be implied based on the MAC address of their mobile devices when approaching lecture hall installed with AP(s). The body of this work focuses on comparing the OATA to some prominent attendance taking methods in pervasiveness and accuracy. For the operational hypothesis, a non-synthetic dataset is used for experimental evaluation to simulate realness and to minimize hawthorn effect. OATA is designed to circumvent MAC address randomization that is used on modern IOS and Android OS for accurate tracking. The experimental results showed that OATA is highly accurate at capturing device’s presence; achieving true positive rate (TPr) of 0.938 and false positive rate (FPr) of 0.063 with fast convergence time. The significance of this study highlight the concerns that big data coupled with increasingly intelligent A.I. can divulge more information than originally intended. Consequently, user’s privacy is compromised as their personal communication devices are demonstrated to be potentially exploited for unsolicited location tracking.


802.11 SSID probes Unsolicited tracking Big data Data privacy Attendance taker 


  1. 1.
    Gruschka, N., Mavroeidis, V., Vishi, K., Jensen, M.: Privacy issues and data protection in big data: a case study analysis under GDPR. In: 2018 IEEE International Conference on Big Data (Big Data), Seattle, WA, USA, pp. 5027–5033 (2018)Google Scholar
  2. 2.
    Dev Mishra, A., Beer Singh, Y.: Big data analytics for security and privacy challenges. In: 2016 International Conference on Computing, Communication and Automation (ICCCA), Noida, pp. 50–53 (2016)Google Scholar
  3. 3.
    Chinw’s e-wallet success is an example for Southeast Asia players. Accessed 15 June 2019
  4. 4.
    Miao, M., Jayakar, K.: Mobile payments in Japan, South Korea and China: cross-border convergence or divergence of business models? Telecommun. Policy 40(2–3), 182–196 (2016)CrossRefGoogle Scholar
  5. 5.
    Number of smartphone users worldwide from 2014 to 2020 (in billions). Accessed 15 June 2019
  6. 6.
    Khatoon, A., Corcoran, P.: Privacy concerns on Android devices. In: IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, pp. 149–152 (2017)Google Scholar
  7. 7.
    Sahnoune, Z., Aïmeur, E., Haddad, G.E., Sokoudjou, R.: Watch Your Mobile Payment: An Empirical Study of Privacy Disclosure, IEEE Trustcom/BigDataSE/ISPA, Helsinki, pp. 934–941 (2015)Google Scholar
  8. 8.
    Hellebrandt, M., Mathar, R.: Location tracking of mobiles in cellular radio networks. IEEE Trans. Veh. Technol. 48(5), 1558–1562 (1999)CrossRefGoogle Scholar
  9. 9.
    Mihaylova, L., Angelova, D., Honary, S., Bull, D.R., Canagarajah, C.N., Ristic, B.: Mobility tracking in cellular networks using particle filtering. IEEE Trans. Wirel. Commun. 6(10), 3589–3599 (2007)CrossRefGoogle Scholar
  10. 10.
    Zaidi, Z.R., Mark, B.L.: Real-time mobility tracking algorithms for cellular networks based on Kalman filtering. IEEE Trans. Mob. Comput. 4(2), 195–208 (2005)CrossRefGoogle Scholar
  11. 11.
    Schilit, B., Hong, J., Gruteser, M.: Wireless location privacy protection. Computer 36(12), 135–137 (2003)CrossRefGoogle Scholar
  12. 12.
    Smith, M., Szongott, C., Henne, B., von Voigt, G.: Big data privacy issues in public social media. In: 6th IEEE International Conference on Digital Ecosystems and Technologies (DEST), Campione d’Italia, pp. 1–6 (2012)Google Scholar
  13. 13.
    Li, M., Zhu, H., Gao, Z., Chen, S., Yu, L., Hu, S., Ren, K.: All your location are belong to us: breaking mobile social networks for automated user location tracking. In: Proceedings of the 15th ACM International Symposium on Mobile Ad Hoc Networking and Computing, Philadelphia, Pennsylvania, USA, pp. 43–52 (2014)Google Scholar
  14. 14.
    Yun, H., Han, D., Lee, C.C.: Understanding the use of location-based service applications: do privacy concerns matter? J. Electr. Commer. Res. 14(3), 215–230 (2013)Google Scholar
  15. 15.
    24 Best GPS Tracking Apps for Android. Accessed 15 June 2019
  16. 16.
    Chen, Y., Luo, R.: Design and implementation of a WiFi-based local locating system. In: IEEE International Conference on Portable Information Devices, Orlando, FL, pp. 1–5 (2007)Google Scholar
  17. 17.
    Sakib, M.N., Halim, J.B., Huang, C.: Determining location and movement pattern using anonymized WiFi access point BSSID. In: 7th International Conference on Security Technology, Haikou, pp. 11–14 (2014)Google Scholar
  18. 18.
    Alshamaa, D., Mourad-Chehade, F., Honeine, P.: Mobility-based tracking using WiFi RSS in indoor wireless sensor networks. In: 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, pp. 1–5 (2018)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Faculty of Information and Communication TechnologyUniversiti Tunku Abdul RahmanKamparMalaysia

Personalised recommendations