A recent experiment by researchers from the University of Hamburg has shown how smartphone Wi-Fi probing exposes sensitive information that attackers could use to steal sensitive data or comprise a device.
Wi-Fi probing is a standard function that lets mobile devices rapidly connect to Wi-Fi hotspots.
It works by broadcasting probe requests to find access points a device had previously been associated with, making it easy for a smartphone, tablet, or laptop to reconnect to a Wi-Fi network it recognizes from a previous session.
To establish the potential security flaws in this process, the researchers set up six antennas in a busy pedestrian area near the center of a German city to capture Wi-Fi probes in several channels.
Over three hours, they captured 252,242 probe requests in the 2.4GHz and 5GHz W-Fi spectrum bands.
They pulled 58,489 SSIDs, or network names, many of which contained numeric strings that the researchers surmised were possibly the default passwords from two brands of German home routers.
That is likely because some users accidentally input the password instead of the SSID name when manually connecting to a hidden network that does not broadcast its SSID.
“Leaking passwords in SSIDs is especially critical if, along with the password, the device also broadcasts the true SSID either correctly or with a mistype that can be used to infer the true SSID,” the researchers explained.
“The assumption that the sniffed passwords corresponded to SSIDs that were also transmitted could additionally be verified by setting up fake access points on the fly using the potential credentials we observed.”
Among the other SSIDs, the researchers captured strings from store Wi-Fi networks, 106 distinct names, three email addresses, and 92 holiday homes or accommodation added as trusted networks.
Aside from exposing your personal location history, attackers could use the information to set up rogue access points using the real SSIDs and get users to connect to that Wi-Fi network by mistake.
That way, malicious actors could steal data or deliver dangerous payloads to a device.
There are three simple ways to protect your device and data from being compromised using the flaws for Wi-Fi network probing as explained above:
- Keep your smartphone’s software up to date. Android and iOS updates often contain security fixes for various components, including Wi-Fi.
- Disable auto-joining Wi-Fi networks on your mobile device.
- Remove SSIDs (networks) you no longer connect to.
South African ethical hacking team SensePost, now a part of Orange Cyberdefense, have long warned about the dangers of Wi-Fi probes.
Although many websites use encryption to make it difficult for attackers to capture your login details for online accounts and services, they can still gather plenty of information about you just by observing your network traffic.
Now read: Tshwane free Wi-Fi tested, with mixed results