Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wi-Fi Sniffing Lets Researchers Build Graph of Offline Social Networks

Posted by Unknown on from the think-before-you-connect dept.

angry tapir writes "The probe requests emitted by a smartphone as it seeks a Wi-Fi network to connect reveal the device's manufacturer thanks to its MAC address. This can offer some information about a crowd of people by looking at the breakdown by device brand. However, because some OSes include a preferred network list (PNL) in their probes, it may be possible to use Wi-Fi sniffing to infer even more information about a group of people by looking for common SSIDs, and potentially mapping them to known network locations (PDF). A group of Italian researchers has been looking at ways to use the information in probe requests to analyze the social connections of crowds." The idea being that if you share preferred networks (especially ones only seen infrequently) you are more likely to be socially connected.

38 comments

  1. McDonalds WiFi SSID by EMG+at+MU · · Score: 2, Funny

    Let me guess, if you share that preferred network you might be part of the overweight social circle?

    Do strip joints have WiFi? That would be another interesting social circle. Now you can know who in the office likes to kick back and watch the talent.

    1. Re:McDonalds WiFi SSID by davester666 · · Score: 1

      ...or is the talent...

      --
      Sleep your way to a whiter smile...date a dentist!
  2. Sniffing Wi-Fi? by Anonymous Coward · · Score: 0

    Didn't Google just take a whole lot of heat for 'sniffing Wi-Fi networks' without permission?

    1. Re:Sniffing Wi-Fi? by cheater512 · · Score: 1

      Technically they stored captured data accidentally.
      These guys aren't looking at transmitted data, just who is transmitting.

    2. Re:Sniffing Wi-Fi? by Anonymous Coward · · Score: 0

      Ogle, MicroShaft, Facecrook, Crapple

      Don't post angry. It makes you look like a fool.

  3. Yeah right by Fnord666 · · Score: 2

    Like anyone is using their real MAC address anyway.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    1. Re:Yeah right by Anonymous Coward · · Score: 0

      Durr hurr, look at the big man with 666 in his name. Oh internet tough guy, how dare anyone think anything other than what you believe is the best.

    2. Re:Yeah right by X0563511 · · Score: 1

      Newsflash: people still use the accounts they registered when they were teens or children.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    3. Re:Yeah right by Hadlock · · Score: 1

      You can pry my AIM Screenname created in 1995 from my cold, cramped and carpal tunnel syndrome'd hands.

      --
      moox. for a new generation.
  4. Illegal by Solandri · · Score: 3, Informative

    Didn't you get the memo? The courts think sniffing open wifi networks is a violation of wiretap laws.

    1. Re:Illegal by Lashat · · Score: 1

      They be Italian types...arrr.

      --
      For every benefit you receive a tax is levied. - Ralph Waldo Emerson
    2. Re:Illegal by stenvar · · Score: 1

      But... but... I thought European privacy protections were supposed to be so strong. Wasn't that why Google was demonized in Europe so much for their (rather innocent) WiFi capture?

    3. Re:Illegal by Anonymous Coward · · Score: 1

      Typical for an American to think that the US == the world.

    4. Re:Illegal by Anonymous Coward · · Score: 0

      Wiretap laws? Like that means anything to the american government!

    5. Re:Illegal by semi-extrinsic · · Score: 1

      There's Europe, and then there's Europe. The southern countries, and Italy and Greece in particular, are much closer to the US in terms of low consumer rights, low median income and high unemployment than the northern countries are.

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
    6. Re:Illegal by stenvar · · Score: 1

      Here's one set of income data, but you can check plenty of others if you like:

      http://www.oecdbetterlifeindex.org/topics/income/

      Norway is doing quite well, of course, but Norway is a xenophobic oil- and resource-rich country of 5 million that stays out of the EU because it knows the EU would suck its wealth away in a heartbeat.

      As for consumer rights, where do you think they came from? The Pope? Adorno (as if you'd know who that is)? The EU? Norwegian trolls like you? Find out some time.

      Maybe you should go beyond your second rate public education and government sponsored nationalism and actually find out what's really going in the world. You'd be surprised.

    7. Re:Illegal by semi-extrinsic · · Score: 1

      If you read my original post, I said median income, not average. The average income in the US is 40% higher than the median income, in large part because the top 4% earn above $ 200,000 per year.

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
    8. Re:Illegal by stenvar · · Score: 1

      If you read my original post, I said median income, not average.

      If you read my post, you'd see that I told you to go out and do some research before spouting the kind of nonsense that you did. I'm still telling you that; if you actually do, you'll find that your statements are ludicrous, median or mean.

      in large part because the top 4% earn above $ 200,000 per year.

      Yes, people like skilled software developers, biomedical researchers, entertainers, commercial artists, doctors, lawyers, professors, etc. make that kind of money. The US rewards success and contributions to the bottom line financially, which is probably why so many people choose to live here. A company like Apple makes $2M in revenue per employee, it stands to reason that at least a few thousand of their top employees should make more than $200k, and they do. Same for most other successful companies.

      Norwegians, on the other hand, just seem to be making money from extractive industries, redistributing the revenue, and having a party: http://en.wikipedia.org/wiki/File:Norway_treemap.png

      And after years of studying, making sacrifices, and becoming a kick-ass software developer in Norway, you'll have to accept the fact that you'll probably still be no better off than your plumber.

    9. Re:Illegal by detritus. · · Score: 1

      Irrespective of whether Google should be liable for legal damages, there's a big distinction between logging 802.11 proble requests with a source MAC address and actual content of communications between two entities. The issue for Google was specifically logging unencrypted data as it channel hopped and dumped the traffic into presumably pcap files. I think it's a question of the scope of what you're logging.

  5. snoopin in places I didn't know I had places by Iamthecheese · · Score: 3, Funny

    These scurvy snoops be too interested in things that don't concern them. Must I hide not only me mac, computer name, browser type, and personal information but local network addresses as well? I'm really tired o' puttin' up new curtains. Me treasure maps will be well hid no matter how I have to do it but I'm wanting to put me wooden leg up some CEO asses.

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    1. Re:snoopin in places I didn't know I had places by djradon · · Score: 1

      Arrr, ye must hide PDL, cookies, MAC addy, IP address, hostname, and browser fingerprint. In Soviet Russia 2022, everybody knows everybody's treasure.

  6. Linksys or Netgear by Anonymous Coward · · Score: 0

    Time to rename my home access point to something common -- just put a password on it.

    1. Re:Linksys or Netgear by cheater512 · · Score: 1

      Except that puts you in the dumbass social circle and get targeted ads for Honey Boo Boo and similar things.

    2. Re:Linksys or Netgear by Anonymous Coward · · Score: 0

      Except that puts you in the dumbass social circle and get targeted ads for Honey Boo Boo and similar things.

      Anyone who knowingly allows themselves to be targeted with corporate propaganda/vectored malware already is a "dumb-ass." Pointing out that there are different varieties of targeted dumb-asses is akin to rearranging the deckchairs on the Titanic.

      I have no idea what the hell a "Honey Boo Boo" is, and it sounds uninteresting enough for me to avoid seeking out its meaning.

    3. Re:Linksys or Netgear by Anonymous Coward · · Score: 0

      You realize that if you're android phone is connecting to that access point, Google now has that password? Google stores all your wifi access passwords in the cloud.

    4. Re:Linksys or Netgear by X0563511 · · Score: 1

      I'm not sure I understand how a webserver is supposed to know what your SSID is, or even that you're using wifi.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  7. Hah by Richy_T · · Score: 2

    This is why I keep my phone under my tinfoil hat.

  8. my apartment by slashmydots · · Score: 1

    There's one SSID called "secret government wifi" with inappropriate emoticons and such after it. While there is only one, I can tell you that in reality most of the other residents are douchebags too. So it's actually not that accurate of a method.

  9. Turn off Wi-Fi automatically in Android by MOSFET+Explosion · · Score: 1

    There's a couple of apps for Android that can automatically turn on and off wifi depending on you're location. The one I ended up with was Llama. It uses cell tower IDs to identify your areas (home, work, etc.) and then you select various actions that activate when entering or leaving those areas (such as turning on/off wifi, bluetooth, changing ringer volume, etc.)

    1. Re:Turn off Wi-Fi automatically in Android by semi-extrinsic · · Score: 1

      +1 for Llama. I use it to turn my phone to silent at work, and then the sound back on again when I leave work. Also, why do people leave their wifi on? I always do: unlock screen, turn on wifi, do whatever, turn off wifi, lock screen. Gets me almost 20% increase in battery life (Android 2.3).

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
  10. Another example of data "leakage" by WuphonsReach · · Score: 3, Insightful

    Eh, the better question is "why does your computer leak data other then the MAC address"? Which is exactly what the PNL (preferred network list) is doing.

    Sure, it might save battery life, but information leakage like that should be off by default.

    --
    Wolde you bothe eate your cake, and have your cake?
    1. Re:Another example of data "leakage" by jrumney · · Score: 3, Informative

      Because some people configure their access points to not broadcast the SSID in the misguided belief that they can add a layer of security by doing that, devices will actively try to connect to networks that they cannot see. So anyone anywhere can see your device periodically trying to connect to every network that it is configured to connect to automatically. This doesn't save battery life, if anything it uses more than sitting passively listening for known networks would, but the idiocy of hidden SSIDs is widespread enough that it is necessary for WiFi to just work for mobile devices.

    2. Re:Another example of data "leakage" by semi-extrinsic · · Score: 2

      According to this, Android only broadcasts a partial PNL: it sorts network into those you added from the scanning list and those you have configured manually. It assumes that all SSIDs configured manually are hidden ones, for which it must broadcast the PNLs. So if you have never added a network manually on your Android phone, the PNL broadcast list is empty.

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
    3. Re:Another example of data "leakage" by Anonymous Coward · · Score: 0

      So if you want to keep your SSID a secret (which of course you can't), Android helps you by broadcasting it all the time from any phone that was ever connected. Wonderful idea.

    4. Re:Another example of data "leakage" by Anonymous Coward · · Score: 0

      thats how joogle makes its money, and stakes their claims to greatness.

      parasitic "IT"

      similar to the "monetization" of sms/text messages. upon introduction (in Japan), the technology people said "this is great, people can sent text-messages which piggyback on the voice-data-telephone network at a tiny fraction of the voice-data!" "It`s so small a fraction, its FREE!"
      then came along the joogles.....

      privacy violations, construing and misrepresenting data-strings and "trends" for their own (dubiously corporate) ends.

    5. Re:Another example of data "leakage" by Anonymous Coward · · Score: 0

      Because some people configure their access points to not broadcast the SSID in the misguided belief that they can add a layer of security by doing that, devices will actively try to connect to networks that they cannot see. So anyone anywhere can see your device periodically trying to connect to every network that it is configured to connect to automatically. This doesn't save battery life, if anything it uses more than sitting passively listening for known networks would, but the idiocy of hidden SSIDs is widespread enough that it is necessary for WiFi to just work for mobile devices.

      Hey, the current edition of the Windows 7 Configuration Guide (part of getting a MCP certification) lists this as a recommended security practice!

  11. I cleverly trick them into underestimating me... by Anonymous Coward · · Score: 0

    Yep, but unlike actual dumbasses, I won't see any of the ads.