how talkative is your mobile device? an experimental study of wi-fi probe requests julien freudiger,...
TRANSCRIPT
How Talkative is your Mobile Device?An experimental Study of Wi-Fi Probe RequestsJulien Freudiger, PARC (A Xerox Company)
Andreas Gursky, 99 cents
Passive Network Discovery
RouterBeacons
Active Network Discovery
Router
Probe Requests
Probe Response
FastEnergy efficientSupports mobilitySupports hidden networks
Threat
Wi-Fi Probe RequestsAre non-encryptedContain MAC addressMay contain SSID
Easy to collect by passive eavesdropper
Setup sniffing materialMobile Location Analytics
Research Questions
How can we design an experiment to efficiently collect Wi-Fi probe requests?
When and how often are Wi-Fi probe requests broadcasted?
What about privacy mechanisms in place?
Experimental Setup
How many antennas? Which mobile devices?
Sniffer
2.4GHz 5GHz
11 channels 21 channels
Mobile Devices
iPhone 6 iOS 8.1.3
Nexus 5Android L 5.0.1
Samsung Galaxy S3CyanogenMod 11
Android 4.4.2
Blackberry Q10OS 10.3.1
Charged, connected to charger, no apps running, Bluetooth off, locked
Capture Configurations
Probing Bursts
Regular bursts of Wi-Fi probe requests
Known SSIDs
On average,Android L and 4.4.2 >1000iOS ~100Blackberry 0
Know Networks Frequency
0 Known SSIDs 4 Known SSIDs 20 Known SSIDs
With 4 known SSIDs, Android L broadcasts every 66 seconds, Android 4.4.2 every 72 seconds, iOS every 330 seconds
Device Configurations
WiFiConnected: Android L continues broadcastKnownInProximity: Android 4.4.2 broadcasts a
lot more
Privacy Protection
121 probes with true MAC address, and could re-identify 16 randomized probes
Opt-Out?
Self-regulated code of conduct by Future of Privacy Forum
https://optout.smart-places.org https://www.ftc.gov/system/files/documents/public_comments/2014/03/00002-88948.pdf
Conclusion
We quantify threat posed by Wi-Fi probe requests
Third parties can monitor billions of mobile device precisely today (approx. every minute)Possible to re-identify iOS randomized probesPrivacy-conscious users might be wise to turn off their Wi-Fi interface when not in use
Future WorkTest other configurationsTest other re-identification attacks