This is BAD from a security perspective, which is why I find it really interesting, and this will be explained shortly.Īdditionally, I had a genuine interest in this subject. If you believe you know someone's phone via MAC Address, you can see their past advertised networks and use a tool like Wigle to see where that network has been recorded in the real world. That is what I am interested in, as not only can you 'fingerprint' someone by their unique list of 'advertised' saved networks their phone progressively iterates through broadcasting, you can see where they've been in the real world. When your device has WiFi enabled but is not connected to an Access Point it sends out probe requests, sometimes Broadcasts (to 'anyone' who is an access point to respond to), but other times it will explicitly list the name of the network it wishes to connect to. Take a look now on your Android or iOS phone, the list is usually in the WiFi settings somewhere. Most people then forget this and build up a massive list of 'Saved Networks'. However, the 802.11 specification (.WiFi) also allows personal devices to send out 'Probe Requests' blindly around them in the hope that a nearby familiar access point will realise "Hey, that's me! I better Beacon again myself so that device can see me and then elect to connect to me".īut what is a 'familiar access point'? Well, every time you add a new WiFi network to your phone, you essentially add it to your 'favourites'. Most of the packets flying around which govern Access-Point-to-Client connectivity do indeed originate from the Access Points. When device's see a familiar SSID they join, right? Most people have a misconception about WiFi and assume that the Access Points are always broadcasting somehow to make themselves visible to devices.
0 kommentar(er)
