Not sure if it's a thing of the past, but not too long ago you could use monitor mode to pick up iPhones within range and see their AP connection history including, iirc, MAC addresses. You could then use WiGLE to map out paths. Creepy shit.
It's also used for indoor positioning software and pretty sure it's enabled (or at least possible according to vendor patents) on MTA's subway routers/APs. Which again is very creepy if they're using it to track devices with Wi-Fi on but not connected.
I found this by accident once, and promptly deleted all of my unused connections. I had stuff from hotels, airports, Disney World, and other locations.
It was also a pretty good way to do man-in-the-middle attacks: if the phone is looking for Starbucks Wi-Fi or other known open Wi-Fi, you could jump right in there.
Yes, I joked that I could create one called attwifi and hang out next to Home Depot. If you made faked bank websites or PayPal you could likely capture some credentials.
They have also collected data directly from the campus WiFi network access points. They replaced the WiFi network access points recently with a new system from Mist:
A standard feature of Mist's system is location tracking using both WiFi and Bluetooth. Essentially the network administrators have the ability to know the location of any WiFi or Bluetooth device to within a meter or so. Mist also uses AI to analyze network derived data in a large variety of ways:
There are APIs that can be used to access all this data. This is all useful for troubleshooting network problems and altering network behavior, but can also obviously be used to spy on people. The infrastructure is all there, you just have to flip the switch by changing your intent. I'm sure lots of places have Mist-based wireless networks. What do the owners of those networks do with this capability? Who knows? I don't think there is any USA government regulation of what a corporation does with its own local wireless networks. It is not illegal to do location tracking of company employees for example, or of anyone on company property for that matter. The USA really needs some privacy standards.
The smaller cell size of 5G cellular networks allows for fine-grained indoor and outdoor tracking of phones also, although there are some regulations on that.
I use https://github.com/merbanan/rtl_433 on the tire pressure monitoring system (TPMS) band used by my car (315 MHz) to trigger home automation like turning on the lights as we're pulling up. (rtl_433 publishes to MQTT, which triggers actions in Home Assistant for certain serial numbers.)
Side effect is that it also logs the tire serial numbers of most (but not all) cars pulling into my driveway.
In order to get the TPMS to transmit on demand--at least on cars sold here in the United States--you have to send a 125 kHz signal out. The car does this periodically when it takes a reading, but unless you send this signal yourself, you won't reliably get a read as you're pulling up.
The car (a Volvo) seems to ping the sensors at least once per minute when in motion, meaning there's pretty much always at least one ping once we're within range of home. It works perfectly for the home automation use case.
But because I actually have a bunch of RF-emitting sensors (the Wi-Fi stack pulls too much power and ZigBee/Z-Wave licensing is too much $$, although my data is not authenticated).
No. Promiscuous mode, like normal mode, is still connected to a specific SSID. It just instructs the network adapter to not drop IP packets not addressed to it.
Monitor mode is a level higher, and allows for capturing all wireless frames regardless of what SSID they are for, and regardless of whether they contain IP packets or are just signaling like beacon and connection requests.
> Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point or ad hoc network first. Monitor mode only applies to wireless networks, while promiscuous mode can be used on both wired and wireless networks.
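Added example, not part of any comment in this thread: a way to audit what your own device's probe requests disclose once they have been captured in monitor mode, namely any saved network name it asks for and whether the source MAC is locally administered (a heuristic for randomization). The helper names and sample frames are constructed for illustration, and the frames are assumed to have the radiotap header and FCS already stripped.

```python
import struct

def build_probe_request(src_mac: bytes, ssid: bytes) -> bytes:
    """Constructed sample: 24-byte 802.11 management header + SSID and rates elements."""
    bcast = b"\xff" * 6
    hdr = struct.pack("<HH6s6s6sH", 0x0040, 0, bcast, src_mac, bcast, 0)
    return hdr + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

def audit_frame(frame: bytes):
    """Return what a probe request discloses, or None for any other frame.

    Assumes the radiotap header and trailing FCS were already stripped.
    """
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 4):        # management / probe request only
        return None
    src = frame[10:16]                    # addr2 = transmitter
    ssid, pos = None, 24
    while pos + 2 <= len(frame):          # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:              # truncated element: stop parsing
            break
        if eid == 0:                      # SSID element; length 0 = wildcard
            ssid = body.decode("utf-8", "replace") or None
            break
        pos += 2 + elen
    return {
        "src": src.hex(":"),
        # Heuristic: locally administered bit set => not the burned-in MAC
        "randomized_mac": bool(src[0] & 0x02),
        "directed_ssid": ssid,
    }

def leaked_networks(frames):
    """SSIDs named in directed probes sent from a non-randomized MAC."""
    hits = (audit_frame(f) for f in frames)
    return sorted({h["directed_ssid"] for h in hits
                   if h and h["directed_ssid"] and not h["randomized_mac"]})

# Constructed sample frames (not from a real capture)
SAMPLES = [
    build_probe_request(bytes.fromhex("3c22fb010203"), b"HotelGuest"),
    build_probe_request(bytes.fromhex("daa119aabbcc"), b""),
    build_probe_request(bytes.fromhex("daa119aabbcc"), b"AirportFree"),
]

if __name__ == "__main__":
    print(leaked_networks(SAMPLES))
```

A non-empty result means the device is naming saved networks from its real hardware address; removing unused saved networks and enabling MAC randomization are the corresponding fixes.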