Wifi Devices Leak Potentially Sensitive Information

While I was at a security conference late last year it was demonstrated using the Airodump tool for Linux; the association requests visible for all Wifi devices present within the conference room. The command used was:

airodump-ng wlan0mon -w scan.ams --showack --wps -U -M -e -g

Where scan.ams was the name of a previously gathered packet capture.

I realise this is how Wifi was designed and it is working as intended. I also realise that this issue is not new and may not be of assistance to everyone for that reason.

I was fortunate that my phone had Wifi turned off at the time, especially since I was near the front of the room. The association requests display the SSID (defined) of any previous Wifi access point a device has successfully connected to/has credentials for. These requests were shown to be constantly being sent from the devices present in the room.

Using this list of SSIDs, you can input an SSID into the Wigle website and see where in the world that wireless network is located. If you have a unique SSID that website can show the address of where you work or live.

Further information on the Airodump tool is located in the links below:

Airodump-ng

Aircrack-ng Newbie Guide for Linux

airodump-ng(1) – Linux man page

More information on association requests is available here.

Good advice to prevent this type of information disclosure from the Wifi devices that you carry with you is to turn off Wifi if you are not using it (sorry if that is very obvious). If you administer Wifi access points, set the SSID to something that won’t attract attention and choose a non-unique SSID if you can (this way the exact location of a network will be harder to find).

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s