Wifi and smartphones in a paranoid world

It seems like you can't open your favorite news website anymore without reading about privacy issues in the WiFi world. People are concerned about the information that can be gathered about them, yet happily update their locations on Facebook, Foursquare, Twitter, etc. Not all that long ago I became involved in WiFi security and was astonished at the information that is being VOLUNTARILY broadcast by devices that most people can't do without, and at how easily it can be used to get all kinds of information on you.

The first thing I noticed is that mobile phones with their WiFi enabled are incredibly "loud" in the RF sense, and this is on purpose. Think about it... mobile phones have small batteries and more and more consumers want phones that last longer. So, in terms of battery efficiency and communication quality, it makes sense for a phone to connect to a WiFi wireless access point (WAP) rather than try to communicate with the nearest cell tower. In fact, most phones will actually boost power to their transmitter to establish or improve a weak connection, to the point that it depletes battery power MUCH faster than it ordinarily would. So the phone, if WiFi is enabled, will look for a WAP that it has previously connected to. The requests it sends out while looking are called probes. Think of it as your phone yelling at the top of its lungs "HEY!!!! IS SO-AND-SO THERE????". Now, if you've connected at a McDonalds, a Starbucks, and the network at a particular hotel, you can see where this is going. By actively probing for these networks, your phone is identifying all the places you've been. Someone with a very basic WiFi spectrum analyzer (there is a free app on the Droid appstore) can figure out where you've been. Obviously, the more detailed the name of the network (also called an SSID), the easier it is to nail down where you've been. As a side note, phones do NOT delete this list of previous networks by default, so you'll have to find instructions on how to clear that for your own phone.
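To make concrete what a probe carries, here is an added example (not code from the original post) that decodes 802.11 probe request frames and lists the network names each sender asked for. It assumes bare frames with no radiotap header or FCS, and the MAC address, SSIDs and frames are constructed sample data, not a capture.

```python
from collections import defaultdict

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for an 802.11 probe request, else None.

    Assumes a bare 802.11 frame: no radiotap header, no trailing FCS.
    """
    if len(frame) < 24:                      # management header is 24 bytes
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, fc >> 4
    if (version, ftype, subtype) != (0, 0, 4):   # management / probe request
        return None
    mac = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2 = sender
    body, i = frame[24:], 0
    while i + 2 <= len(body):                # walk tag/length/value elements
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:              # truncated element: stop
            break
        if tag == 0:                         # element 0 carries the SSID
            return mac, value.decode("utf-8", errors="replace")
        i += 2 + length
    return None

def leaked_networks(frames):
    """Map each sender MAC to the sorted network names it asked for by name."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:             # empty SSID = wildcard, names nothing
            seen[parsed[0]].add(parsed[1])
    return {mac: sorted(names) for mac, names in seen.items()}

def build_probe(mac: bytes, ssid: str) -> bytes:
    """Construct a sample probe request (test data, not a capture)."""
    bcast = b"\xff" * 6
    header = b"\x40\x00\x00\x00" + bcast + mac + bcast + b"\x00\x00"
    name = ssid.encode()
    return header + bytes([0, len(name)]) + name + b"\x01\x04\x02\x04\x0b\x16"

PHONE = bytes.fromhex("020000000001")        # constructed, locally administered
SAMPLE = [build_probe(PHONE, s) for s in
          ("ExampleHotel-Guest", "CoffeeShop-WiFi", "", "Smith-Family-Home")]
SAMPLE.append(b"\x80" + SAMPLE[0][1:])       # a beacon: must be ignored

if __name__ == "__main__":
    print(leaked_networks(SAMPLE))
```

Every name in the result is a saved network the device announced in the clear, so it doubles as a checklist of entries to remove from the saved-network list.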

Things to keep in mind:

  1. Some WAPs (for example, those given to customers by their internet providers) have a "hide SSID" mode. This doesn't help at all against a spectrum analyzer. All it'll do is hide it from "friendly" systems so it won't show up in the list of networks that can be added. To bad guys it is all too visible. The best thing to do with your home or work WAPs is to pick a random selection of characters for the SSID and use a strong password to join it. Even then, it is entirely possible to pick out the password as it goes over the air, so even that isn't foolproof, but you don't have to make it easy for the bad guys.

  2. Turn off the WiFi on your devices when you don't need it. I was SO embarrassed when I went to a vendor demonstration and saw my home network's SSID. It was picking up the SSID from my iPod which I had connected to my car via USB cable. The car wasn't running but the iPod was still sending out probes even though it wasn't actively being used. This goes for ANY WiFi device. This will also help make your battery last longer. Most phones have a widget where you can easily enable Bluetooth (also in the WiFi spectrum) and WiFi. I have a widget that enables airplane mode which turns off all radio transmitters on my phone when I don't need it. Finally a real use for it and you don't even need to be on an airplane. :)

  3. A lot of cars have SSIDs of their own. I can't tell you how many Ford vehicles I've seen simply because I've seen the SSID of "SYNC-XXXXXX" show up and the MAC addresses of the cars' transmitters have all been registered to Ford. If you are paranoid, make sure that your car uses Bluetooth rather than WiFi. WiFi has a much longer range. A 1 milliwatt transmitter (the weakest setting for a WAP) will EASILY go the distance of a football field and is usable even further than that.

Simply put, if someone chooses to carry a smartphone with WiFi enabled, all expectations of privacy should go out the door. Because the smartphone broadcasts this information, it is perfectly legal for someone to listen to the spectrum and pick it up. It is like yelling at the top of your lungs in a crowded room while asking people to please not hear what you are yelling.