by Mathieu Cunche, Mohamed Ali Kaafar and Roksana Boreli
Wi-Fi technology, available in the vast majority of mobile phones, tablets, laptops and other computing devices that we use in our daily lives, has enabled widespread use of new applications and services. This technology, however, has a number of issues related to privacy loss, exacerbated by its ubiquity. Our research shows how the information freely transmitted by the Wi-Fi protocol can be used to identify links between people, ie whether they are family, friends, colleagues etc.
Wi-Fi protocol includes potential sources of personal information leaks. Wi-Fi enabled devices commonly use active discovery mode to find the available Wi-Fi access points (APs). This mechanism includes broadcast of the Wi-Fi network’s names to which the mobile device has previously been connected, in plain text, which may be easily observed and captured by any Wi-Fi device monitoring the control traffic. The combination of the network names associated with any single mobile device can be considered as a Wi-Fi fingerprint which can be used to identify the user to whom the mobile device belongs. Our research  investigates how it is possible to exploit these Wi-Fi fingerprints to identify links between users, ie owners of the mobile devices broadcasting such network names.
From June to October 2012, we collected data using a laptop running Wi-Fi monitoring tools in the city of Sydney. Overall, Wi-Fi fingerprints of more than 8,000 devices were collected and we found that some devices were revealing their associations to more than 80 Wi-Fi networks. In order to test our hypothesis (social links can be inferred based on the Wi-Fi fingerprint) we collected the Wi-Fi fingerprint, as well as the existing social links, from a group of volunteers.
Identifying linked individuals
Our approach is based on the similarity between Wi-Fi fingerprints, which is equated to the likelihood of the corresponding users being linked. When computing the similarity between two Wi-Fi fingerprints, two dimensions need to be considered:
- The number of network names in common. Indeed, sharing a network is an indication of the existence of a link, eg friends and family that share multiple Wi-Fi networks.
- The rarity of the network names in common. Some network names are very common and sharing them does not imply a link between the users. This is the case for public network names, for instance McDonalds Free Wi-Fi, or default network names such as NETGEAR and linksys. On the other hand, uncommon network names such as Griffin Family Network or Orange-3EF50 are likely to be associated with a strong link between the users of these networks.
Utilizing a carefully designed similarity metric, we have been able to infer the existence of social links with a high confidence: 80% of the links were detected with an error rate of 7%.
Who should worry about it?
Owners of smartphones are particularly exposed to this threat, as these devices are carried on persons throughout the day, connecting to multiple Wi-Fi networks and also broadcasting their connection history.
What can be done to prevent the linking?
There are a number of industry and research initiatives aiming to address the Wi-Fi related privacy issues. The deployment of new technology, ie privacy preserving discovery services, would necessitate software modifications in currently deployed APs and devices. The obvious solution - to disable active discovery mode - comes at the expense of performance and usability, ie it would take longer for the Wi-Fi capable device to find and connect to an available AP. As a possible first step, users should be encouraged to remove obsolete connection history entries, which may lower the similarity metric and thus reduce the ease of linkage.
 M. Cunche, M.A. Kaafar, and R. Boreli: “I know who you will meet this evening! linking wireless devices using wi-fi probe requests”, WoWMoM 2012 IEEE International Symposium, p. 1-9, June 2012.
INSA-Lyon and Inria, France