Mobile devices play an increasingly vital role in our daily lives, functioning nowadays as a kind of
Mobile devices play an increasingly vital role in our daily lives, functioning nowadays as a kind of appendage to our body. A test developed by the Hexacta team (HAT) helps us understand about personal data security and how our cellphones sometimes can disclose our personal information without us even realizing it.
“Upon connecting to wireless networks, cellphones develop perfectly legal mechanisms that allow for an easy identification of users, their coordinates, activities, if they change their device, etc., all without committing any crime,” said Eduardo Malvino, supervisor of Hexacta’s Architect Team. This talk was given as part of Hexacta’s #Geeklunch series, where employees give talks to other peers on topics of interest.
The study (based on the findings of Brendan O’Connor) noted that all devices have a unique identifier called a MAC Address, which is presented as a series of numbers. Being able to listen to traffic coming from a MAC Address already gives us a hint about the geographic location of a device (given the short reach of WiFi signals), which can allow tracking of the movements of a person.
Regarding this, Malvino said: “When our phone accesses a wireless network, the connection between the two devices provides a lot of information. On the one hand, you can know for which cellphone was connected to a specific WiFi. Moreover, all the networks that we connect to are automatically stored in our phones. With only a computer, it is easy to gather this information and obtain data that can serve as the launchpoint to learn more about the identities and habits of the cellphone user.”
To demonstrate this, Malvino developed an application that lets you scan the MAC address of the devices and wireless networks that the devices provide. Thus, Malvino found how you can identify a person connected to a given network: such as the University of Buenos Aires network, the Hexacta Guest network and eventually to the network of a random bar.
“This same mechanism can be used more explicitly to learn movements and activities of those who have smartphones- which normal users may not know how to avoid”, Malvino said, and he added “…the same techniques used to handle big data may be used to gather and mine data coming from wireless devices trying to reconnect to know networks.”
Luckily, Hexacta’s report also tells us how you can avoid this problem. “While these data exchange processes are legal protocol throughout the world, modern cellphones models avoid sending information to all the Wifi networks we connect to”. In turn, Malvino warned that another mistake to avoid is to title WiFi networks as our names, addresses, local names or company names.
“While knowledge advances faster and faster, we observe that this knowledge gets distributed slowly and unevenly. Everyone knows to us use a cell phone, but not everyone knows these mechanisms. At Hexacta, we believe that knowledge and education are the two essential pillars for society to make smart choices about technology. That is why we are dedicated to providing these meetings: to share this simple but important knowledge with everyone.”
● Do not put your name on the WiFi, nor any names that provide personal data
● Download applications that prevent device identification, for example (PRY FI)
● Always use the latest version of the OS
● The “probe request” are broadcast type, this means that everyone can hear.
● This information is not encrypted.
● Since it is sent before the connection is established, any “sniffer” can read its contents.