Wi-Fi technology, available in the vast majority of mobile phones, tablets, laptops and other computing devices we use in our daily lives, has enabled widespread use of new applications and services. On the other hand, this technology has a number of issues related to privacy loss, exacerbated by its ubiquity. Our research, published in [1], shows how the information freely transmitted by the Wi-Fi protocol can be used to discover links between people i.e. whether they are family, friends, colleagues etc.
Wi-Fi and privacy
Wi-Fi protocol includes potential sources of personal information leaks. Wi- Fi capable devices commonly use active discovery mode to find the available Wi-Fi access points (APs). This mechanism includes broadcast of the AP names to which the mobile device has previously been connected, in plain text, which may be easily observed and captured by any Wi-Fi device monitoring the control traffic. The combination of the AP names belonging to any single mobile device can be considered as a Wi-Fi fingerprint which can be used to identify the user to whom the mobile device belongs. Our research investigates how it is possible to exploit these fingerprints to identify links between users i.e. owners of the mobile devices broadcasting such links.
Map of the city of Sydney with access point locations.Discovering linked individuals
We have used an approach based on the similarity between the Wi-Fi fingerprints, which is equated to the likelihood of the corresponding users being linked. When computing the similarity between two Wi-Fi fingerprints, two dimensions need to be considered :
- The number of network names in common. Indeed, sharing a network is an indication of the existence of a link, e.g. friends and family that share multiple Wi-Fi networks.
- The rarity of the network names in common. Some network names are very common and sharing them does not imply a link between the users. This is the case for public network names such as e.g. McDonalds Free Wi-Fi, or default network names such as NETGEAR and linksys. On the other hand, uncommon network names such as Griffin Family Network or Orange-3EF50 are likely to be associated with a strong link between the users of these networks.
Utilising a carefully designed similarity metric, we have been able to infer the existence of social links with a high confidence: 80% of the links where detected with an error rate of 7%.
Who should worry about it
Owners of smartphones are particularly exposed to this threat, as indeed these devices are carried on persons throughout the day, connecting to multiple Wi-Fi networks and also broadcasting their connection history.
What can be done to prevent the linking
There are a number of industry and research initiatives aiming to address the Wi-Fi related privacy issues. The deployment of new technology i.e. privacy preserving discovery services, would necessitate software modifications in currently deployed APs and devices. The obvious solution, to disable active discovery mode, comes at the expense of performance and usability, i.e. with an extended time duration for the Wi-Fi capable device to find and connect to an available AP. As a possible first step, users should be encouraged to remove the obsolete connection history entries, which may lower the similarity metric and thus reduce the ease of linkage.
Our paper illustrating this study will be presented in the WoWMoM’12 conference.This work was done in collaboration with NICTA researchers.
Bibliography
[1] Mathieu Cunche, Mohamed Ali Kaafar, and Roksana Boreli. I know who you will meet this evening! linking wireless devices using Wi-Fi probe requests. In 13th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (IEEE WoWMoM 2012), San Francisco, California, USA, June 2012. [pdf]
People
Mathieu Cunche, INRIA [web]
Mohamed Ali Kaafar, INRIA [web]
Roksana Boreli, NICTA [web]
@PrivaticsInria