The smartphone sends a significant amount of information when it searches for a WiFi network – PC World

German scientists have checked what data our phone sends when searching for wireless networks.

We are unaware of the extent of the tracking we are subjected to, even while walking down the street. Someone will ask: what does this mean? The answer is in a pocket, a purse, a backpack – and it’s our smartphone scanning the space for what’s available. Wi-Fi networks. The data sent on this occasion by the cameras is often used to collect information about our location and our preferences.

z-scientists University of Hamburg conducted an experiment by intercepting hundreds of thousands of requests on WIFI connection from the smartphones of passers-by. Thanks to this, they checked the types of data sent by the phones, which the owners were completely unaware of.

Also check:

WiFi network discovery is a standard process – part of the two-way communication required between a smartphone and access point (router) to establish a connection. By default and for the sake of usability, most smartphones constantly scan for available WiFi networks and connect to them if they are reliable. Many stores use smartphones to scan for WiFi networks to track the location and movements of their customers. Because such tracking only uses anonymous tracking MAC addressesis considered GDPR compliant.

Scientists decided to analyze the details of mobile scanning wireless networksto check what information phones send to access points. It turned out that in 23.2% of cases smartphones were sent to random people routers network name (SSID) with which they have associated in the past.

The results of the experiment

The experiment was carried out in November 2021 in a busy pedestrian street in the center of a German city. The research team used six antennas to capture WiFi connections in different channels and spectra. Specialists recorded all attempts to connect to the broadcast WiFi network for three hours, intercepting a total of 252,242 requests, of which 46.4% were in-band 2.4GHz and 53.6% w 5GHz.

In just three hours, the researchers obtained 58,489 SSIDs from random passers-by, which in many cases contained numeric strings of 16 or more digits that were likely to be the “default passwords” of popular home routers.

Leaking passwords contained in an SSID is a particularly serious problem if the device sends a real ID along with the password, the researchers wrote.

– The assumption that sniffed passwords match SSIDs that were also sent can be further verified by setting up fake access points on the fly using the potentials we observed identifiers.

In other collections of intercepted identifiers, researchers found strings matching information about WiFi networks stored in phones, three email addresses and the names of 92 vacation homes or accommodation establishments previously added as networks of trust. Certain types of sensitive data were sent tens, hundreds, and sometimes thousands of times over the three hours of testing.

Implications of constant WiFi scanning on mobile devices

Apart from the risk of data leakage and the possibility of connecting to a malicious hotspotthe main harmful consequence of smartphones in constant search of WiFi networks is the tracing of their owners.

There may be a solution to this problem randomization MAC addresses, which should make tracking attempts much more difficult. Systems android and iOS They’ve come a long way to make it harder to track devices, but it’s still not impossible. Newer versions operating system characterized by greater randomization and less informative content in connection requests to wireless networksbut still sends parameters such as signal strength, sequence number, network parameters, etc. All of this can create a “fingerprint” of the device that identifies it and indicates its location.

Obviously, the newer the OS version, the better the features. privacy protectionbut the availability of newer versions does not imply their immediate installation and mass application.

During the experiment described, among Android smartphones, those with version 8 and earlier accounted for about 25% of all phones with this system. In iOS, things are better thanks to a stricter software update policy Apple and long-term support, but many people still use the old models iPhone.

Previous research has also shown progress with gradual upgrades to more secure versions of operating systems. For example, in a 2014 study, 46.7% of recorded wireless smartphone requests contained SSIDs from other networks, but in two more recent studies conducted in 2016, the proportion varied from 29.9% to 36.4 %.

How to protect your privacy?

The first and easiest thing a smartphone user should do to protect their data is to upgrade their system to a newer and more secure version that provides better privacy protection. Second, it would be a good idea to delete SSIDs that you no longer use or need and are still being sent unnecessarily by your device. Third, Android and iOS provide a quick way to disable auto-connect networks, preventing hotspot attacks. Finally, users can completely disable WiFi credential requests, which can be done in advanced network settings system.

However, this approach has some practical drawbacks such as slower connection establishment, inability to be detected hidden networks and faster battery consumption. Which solution to use depends solely on the user and their specific needs and possibilities.

Source: BleepingComputer

Leave a Comment