The trail we leave when we use Wi-Fi, even when we don’t connect


Do you feel like the apps on your phone are spying on you? Constant connections to outdoor Wi-Fi networks reveal some of our privacy. A new random address system aims to change this

Do you feel like the apps you use know where you’ve been? How is it possible that you’re getting ads for a certain brand of coffee if you weren’t even connected to Wi-Fi a few hours ago when you visited the store?

We live in a highly connected society. Every day we are connecting more devices and connecting more time and from more different locations. This poses a constant silent threat. Without realizing it, we leave a trail of what we do, when we do it, and where we do it.

The issue of privacy and security on the Internet is more relevant today than ever. There are several dimensions: the confidentiality of the information, its authenticity and of the interlocutors.

This article focuses on one aspect: how to make crawling more difficult.

Devices use MAC (Medium Access Control) addresses to connect to a Wi-Fi network. These serve to identify the device on the network when it is sending or receiving data. Therefore, MAC addresses must be unique on the network.

Each device comes with a factory-set MAC address. These addresses are unique worldwide, so no two devices in the world share the same address.

This is a problem, as we will see below.

In a Wi-Fi network, devices use MAC addresses each time they send or receive information. By using the same address each time, network operators or other observers on the network can check when a particular device is connected to the network. Moreover, in many cases it is very easy to associate the MAC address used by a device with the real identity of the user. For example, when we first connect to a network, we provide information to access it.

A device is vulnerable to being tracked even without a connection to the network. In many cases, Wi-Fi requires devices to send certain messages, such as to find out which networks are available. These messages contain MAC addresses, so they can be used to reveal the identity of terminals even without being connected to the network.

In some cases, a device may actively ask for networks it has recently connected to, including the names of those networks in the messages they send. This allows a would-be attacker to discover which networks the device has recently visited, acquiring highly sensitive information.

To prevent these serious privacy issues, major operating systems have started using random MAC addresses (called private addresses in the case of Apple devices). To make tracking more difficult, devices generate a random MAC address instead of the factory-set address. This address must be unique only on the network on which the device is located.

If the device uses different random addresses for each network it connects to, an observer cannot conclude that it is the same device. Devices also use different random MAC addresses every time you send information without being connected to a network. This makes it difficult to track down users who have not even connected to the network.

Recently, Android and iOS mobile devices use random MAC addresses by default. In some specific scenarios or networks, it may be necessary to disable this behavior. An example is in those networks that use authorized MAC address lists.

The impact that the use of arbitrary MAC addresses can have on the applications we use and the networks we connect to is currently under investigation. There are scenarios where the network needs to identify a device anonymously, even though it uses random addresses. That is the goal of the MADINAS working group of the IETF (Internet Engineering Task Force), the main organization for the standardization of Internet protocols.

It is important to explore how the use of random addresses can be combined with other mechanisms designed to improve privacy. In the future, devices will be able to adapt to the context and specific needs of each user. Just as we can’t walk barefoot on the street and we can do it at home, our devices need to learn how and when to apply certain solutions to protect our privacy.

Did you read this article from a mobile device connected to a Wi-Fi network? You may have revealed more information than you think.

This article was published in The conversation.

Source: La Verdad


Please enter your comment!
Please enter your name here

Share post:



More like this