Cipher Labs


"I Can Track You" Project

'I can track you, they can track you, EVERYBODY can track you!'

June 2, 2014



The use of mobile devices has been increasing each year. All of us have been influenced by their spread and use. We use them on a daily basis as a form of social interaction and to be connected to the internet 24/7.

How and where we use these devices puts the privacy and security of our information in jeopardy.

By using these kinds of devices with Wi-Fi technology we may be transmitting valuable information to a malicious user who can use it to find our routine, address, workplace or even track us in real time.

Smartphones, along with most mobile devices, usually keep the last Wi-Fi networks they were connected to. These networks have a unique name designated ESSID (Extended Service Set Identification), which is one of the identifiers of wireless networks. However, every time a mobile device has Wi-Fi turned on, it transmits information about the networks it has been connected to or that have been configured on it. This is not a flaw or vulnerability; it is a function whose purpose is to accelerate the connection process to a Wi-Fi network.

With the use of capture devices in a given area, it is possible to trace a person and follow their steps and movements in near real time.

The project consisted of capturing and analyzing requests, extracting information (probe requests) from mobile devices, and verifying two conditions:

  • Whether they leak ESSID information from the last networks they were connected to, making it possible to obtain the geographic location of all the networks the device used, through prior mapping of those networks;

  • Of those that leak ESSID information, how many are vulnerable to Evil Twin attacks (an attempt to mislead the Wi-Fi client by trying to look like a known network, using the same data collected from the client's requests).
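To make the first condition concrete, the following added example (not code from the original project) parses 802.11 probe request frames and separates wildcard probes, which name no network, from directed probes that disclose a stored ESSID. The frames are constructed samples without radiotap header or FCS, all function names are hypothetical, and each source MAC is assumed to be one device (no MAC randomization).

```python
from collections import defaultdict

PROBE_REQUEST_FC0 = 0x40  # first frame-control byte: management type, subtype 4
MGMT_HEADER_LEN = 24      # frame control, duration, 3 addresses, sequence control
TAG_SSID = 0              # element ID of the SSID information element

def parse_probe_request(frame):
    """Return (source MAC, ESSID or None); None if not a probe request."""
    if len(frame) < MGMT_HEADER_LEN or frame[0] != PROBE_REQUEST_FC0:
        return None
    src = frame[10:16].hex(":")            # address 2 = transmitter
    pos = MGMT_HEADER_LEN
    while pos + 2 <= len(frame):           # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                          # truncated element, stop parsing
        if tag == TAG_SSID:                # zero length = wildcard probe
            return src, (value.decode("utf-8", "replace") if length else None)
        pos += 2 + length
    return src, None

def leaked_essids(frames):
    """Map each source MAC to the ESSIDs it named in directed probes."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed:
            names = seen[parsed[0]]        # device counts even if it leaks nothing
            if parsed[1]:
                names.add(parsed[1])
    return dict(seen)

def leak_ratio(frames):
    """Return (devices that leaked at least one ESSID, devices seen)."""
    devices = leaked_essids(frames)
    return sum(1 for names in devices.values() if names), len(devices)

def build_sample(src_mac, essid):
    """Constructed probe request sent to broadcast (sample data only)."""
    bcast = b"\xff" * 6
    src = bytes.fromhex(src_mac.replace(":", ""))
    header = b"\x40\x00\x00\x00" + bcast + src + bcast + b"\x00\x00"
    ssid = essid.encode()
    return header + bytes([TAG_SSID, len(ssid)]) + ssid + b"\x01\x02\x02\x04"

SAMPLES = [build_sample(m, e) for m, e in [  # constructed, locally administered MACs
    ("02:00:00:00:00:01", "HomeNet"), ("02:00:00:00:00:01", "CoffeeShop"),
    ("02:00:00:00:00:02", ""),             # wildcard probe: names no network
    ("02:00:00:00:00:03", "Office-Guest")]]
```

Run over a capture of your own device's traffic, the per-MAC sets show exactly which stored network names it discloses while Wi-Fi is on.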

Captured devices:

8790 mobile devices were captured across subway stations, public transport, malls, public organizations and at Portela Airport during rush hours.

Capture average:

The average capture of device requests (from Smartphones and Tablets) was from 1100 to 1500 per hour.

Devices that leak ESSID information:

2296 devices that leaked ESSID information were detected during the study.

Devices vulnerable to Evil Twin Attacks:

Within a universe of 8790 devices, 706 were vulnerable to dishonest connections (only devices that automatically connected to the most well-known networks, such as FON_ZON, PTWifi or guest networks, were counted).


Conclusion

Of the 8790 devices collected, about 26% leaked at least one ESSID. Of that 26%, about 30% are vulnerable to Evil Twin Attacks, which is about 8% of the total devices collected.

The most practical and easiest way to protect your device is to turn the Wi-Fi on only when necessary.

Android systems produced different results depending on their manufacturer and system version. It was possible to track several devices that leaked information about all the Wi-Fi networks they had been connected to, but at the same time some of the tracked devices didn't show this behavior. In general, a large number of devices have a mechanism that disables the auto-connect option, protecting the end user from the Evil Twin Attacks mentioned previously.

Useful advice:

  • Turn off the Wi-Fi when it is not being used;

  • Deactivate the auto-connect option.