Your wireless devices are helping hackers track and profile you!
This is quite old news but still something many people are unaware of. This isn’t due to malware or malicious intent or even something that can be patched it is simply hackers (and legitimate companies) leveraging how wireless devices work. With some easily available tools and services and the right knowledge your wireless devices can leak a fair amount of information. Which can be collected and used to profile how you spend your day by places you visit.
So, how does it work?
When you turn the Wi-Fi on your device (in this instance an iPhone) the first thing your phone does is look for known networks. This is why it instantly connects to your home or work wireless or maybe the Starbucks you go to each morning. It does this by sending a ‘Probe request’. This is a packet sent to any networks asking for a particular SSID (Wi-Fi name).
I will not bore any of you with the make-up of a data packet so for ease I will just use a simplified diagram that will illustrate the data. This can then be proven with a capture of these packets using a tool later.
My phone has been connected to “HomeWIFI”, “SafeHackWIFI”, “UoPStudentsMedia1” (an old University of Portsmouth Wi-Fi network), in this example 3 packets are sent out which will look like this:
These known networks will be probed for every time the Wi-Fi on the phone is turned on or anytime connection to a wireless network is lost. So far this may not seem to invasive – however I or another user can intercept these packets. After all your phone is basically just shouting them out to anybody who will listen. So using some software I have grabbed these 3 wireless networks that your phone is looking for and I know the SSID of them. I can then use these SSID’s and a free service called “Wigle” to find out where in the world these networks are.
You can see in the screen grab above I have highlighted the UoP Wi-Fi found using the service and this has been kindly plotted onto a map. How accurate is this? VERY…Having studied at this university and joined this network I would say the image above is just about perfect for the location of that network.
How does Wigle work?
Wigle has been compiled by a process called ‘Wardriving’. This is essentially when a person using devices such as a GPS receiver and a Wi-Fi antenna (such as an iPhone or Android phone) drive around and every time they detect a new wireless network (whether they connect to it or not) they upload the GPS coordinates to the Wigle service.
Is it really that simple to get this information?
Using a networking tool known as WireShark and a specific type of wireless card – yes it is!
Here you can see a probe broadcast and then clear as day my laptop in this case probing for the “SafeHackWIFI” wireless network. With the SSID I can use Wigle to get a location as seen above.
How do I stay safe?
There are really only two things you can do to prevent your wireless device from giving out this network information. These are:
Turn your Wi-Fi off when you are not using it
Forget networks so your device doesn’t constantly probe for every wireless network you have ever connected to.
The positive side effect of turning your Wi-Fi off on your phone when you don’t want to use it is also a prolonged battery life. This is because your phone wants to connect to Wi-Fi, to be helpful. Anybody who has been to London or any other city flooded with networks they don’t know will probably have noticed the battery life on their phone draining in front of them as the phone constantly sends out Probes and listens for Beacons (the packet that a wireless network shouts out to let devices know it is there).