Smartphones Enable Mapping Offline Networks (and JYA on secrecy)

I’ve covered the way smartphones broadcast the names of some-or-all of the WiFi networks you’ve connected to… now some researchers have taken this “feature” and used it to map offline — read, person-to-person — networks at large gatherings.

The implications are fairly obvious, and equally nasty. The key half of metadata that you *can’t* get from mass surveillance and giving Zuck free cocaine is the interpersonal side… who knows whom just face to face, but not on Facialbook?

Well, if those people, say, show up at a protest… and you snarf down their Preferred Network Lists… now you know.

(not like you couldn’t do this with all the cell geolocation data ever, but this makes it easy for EVERYONE to do it, from cops to cultists to Greek neo-nazis to bankers’ corporate security.)

JYA on secrecy: Just wanted to quote the following John Young gem at y’all.

Date: Sun, 22 Sep 2013 10:35:33 -0400
From: John Young
To:,, Subject: Cryptography Inevitable Failure

Nothing more useful for spies than widely trusted cryptosystems. Nor do they ever reveal cracking the highly reputable. Neither confirm nor deny. They do leak vulns, participate in standards settings earnestly and lackadasiacly, fund good and bad research, buy good and bad systems, hire good and bad staff and contractors, engage in open and secret enterprises, issue truthful and false statements, advise and mislead political leaders in public and in secret briefings, claim to obey civilian leaders and disobey them. As Hallam-Baker reported, NSA when confronted with A
and B choices, select both. This obligatory duplicity is avowed necessary to conceal what is good and what is bad, both
classified for deception.

Presumably there is stash of comsec revelations pre-positioned for implementation as needs arise and also when needs do not arise.

“Researchers at Italy’s Sapienza – Università di Roma have used Wi-Fi probe requests from smartphones to take a social snapshot of large gatherings of people.

The researchers, in a paper (PDF) submitted to Internet Measurement Conference 2013, spent three months collecting the probes emitted by smartphones and other Wi-Fi-enabled devices as they seek a wireless network to connect to. Over three months they collected more than 11 million probes from close to 165,000 individual devices.

Wi-Fi client devices can seek a wireless network to connect to through active or passive scanning for ‘beacons’ broadcast by access points. Smartphones typically use active scanning, which means they switch on their wireless radio for a brief period to send a probe request and receive information about networks within range. The operating systems of wireless devices can include a preferred network list (PNL), which incorporates some of the SSIDs of Wi-Fi networks the device has previously successfully connected to, and some devices will include this information in their probe requests.

Intercepting probe requests is a trivial exercise, with the researchers using a handful of notebooks and a wireless antenna. Ascertaining the vendor of a wireless client was a simple case of matching the first three bytes of a device’s MAC address to the IEEE Public OUI list.

The research revealed disparities in the devices which incorporated PNLs in their probe requests. In the device breakdown, BlackBerry devices were found to most commonly disclose part of their PNL; 92 per cent of the devices revealed a portion of their PNL, followed by HTC (55 per cent), Sony (35 per cent), Apple (35 per cent), Samsung (31 per cent) and Nokia (13 per cent).

Having sniffed SSIDs of networks devices had previously connected to, the researchers – Marco V. Barbera, Alessandro Epasto, Alessandro Mei, Vasile C. Perta, and Julinda Stefa – were able to conduct statistical analyses of the networks’ names.

“We can regard the PNL of a device as a list of significant places visited by the user—significant enough that the user spent some time to connect to the access point. Therefore, the fact that two users share one or more SSIDs in the PNL of their devices should intuitively provide some information on the existence of a social relationship between the two,” the paper states.

The researchers were able to compare network SSIDs by language, giving an indication of the international composition of a crowd, as well as by device brand, which can be used as an indication of the socioeconomic status of a group.

For example, the higher penetration of Apple devices at a meeting of the conservative Popolo della Lib-ertà compared to a meeting of the progressive Movimento Cinque Stelle is a good indication of the relative wealth of their respective constituencies. “

%d bloggers like this: