Hacker News new | past | comments | ask | show | jobs | submit login
Passive WiFi Tracking (edwardkeeble.com)
61 points by primroot on Dec 15, 2014 | hide | past | favorite | 15 comments



My generic Android phone, like many others, has a different random MAC every time I switch WiFi on and off since the manufacturer didn't write one to the EEPROM. A lot of people find this to be a bug, but maybe it's an "unintentional security feature"... it certainly is quite useful when using limited free WiFi hotspots.


This sounds like a perfect feature for iPhones / Android which could be enabled.


I have my laptop set explicitly to do the same thing.


Doesn't iOS 8 do dynamic Mac addresses now? This would mitigate most privacy concerns from WiFi tracking.


It does but only if the device is locked and not associated to a wifi network. Even if those conditions are met, the device will only broadcast the "random" mac on set intervals and the locally generated mac will always have the second-least-significant bit set to 1.

From a consumer perspective, it's quite easy: to prevent being tracked, don't walk around with wifi turned on.

From an engineering perspective, toss out any mac with the U/L bit set to 1.


> It does but only if the device is locked and not associated to a wifi network.

So that's why so many malls have 'free' wireless :-)


no, doesn't seem to. I'll report back after I setup my tracker in a few days http://www.imore.com/closer-look-ios-8s-mac-randomization


Please do, I've actually heard the same!


There seems to have been a surprising amount of attention paid to passive wifi tracking recently. We did a hack weekend project on this last year (http://matthewmacleod.co.uk/blog/passive-wifi-tracking.html – though I never got to write it up properly) and I've had a number of people looking for more details.

This article's a pretty good approach. We used Kismet instead though – you can control it using a nice TCP interface, and have it spit out the hardware MAC addresses of any packets it sees.

Pretty interesting, but I'd never roll this out in a public place. Just seems a little creepy…


I wrote a similar script (via aircrack) at a recent hackathon to gather wifi nodes, and group them up by their access point (or if they weren't connected to one). The data dump was then transformed into json and fed into a neat little d3 chart.

The hardware was very minimal too, just an Arduino Yun with a cheap high-gain antenna.

It was a fun project to hack on, but it definitely raised some eyebrows and made me rethink about some of the privacy concerns around this.


It's interesting the attention that passive wifi tracking is receiving. Another person and I actually wrote software a client to install on raspberry pi's and a server to store all the results. We deployed this on our college campus and were shocked by how well we could track devices [1]. This is a serious problem given a large scale of sensors.

[1] We only stored a bcrypt hash of the mac address given the privacy concerns.


I've been toying around with monitor mode on the Pi, and I'd love to see your implementation if this. Do you have a write-up somewhere? (I have no nefarious intentions, though that assertion is admittedly useless when it comes from a stranger on the internet)


Sure thing, I'm not sure if the code on github is stable, but the client is https://github.com/B0bby/StudySniffer, and the server is https://github.com/UnrealAkama/SnifferServer.

If you have any questions, just reach out to my email. I'll be glad to help.


Much appreciated!


genuine question - this sounds illegal? is it and if so why?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: