×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Android Leaks Location Data Via Wi-Fi

Soulskill posted about 5 months ago | from the we-all-know-about-your-addiction-to-krispy-kreme dept.

Android 112

Bismillah writes: The Preferred Network Offload feature in Android extends battery life, but it also leaks location data, according to the Electronic Frontier Foundation. What's more, the same flaw is found in Apple OS X and Windows 7. "This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you've been, including homes ('Tom’s Wi-Fi'), workplaces ('Company XYZ office net'), churches and political offices ('County Party HQ'), small businesses ('Toulouse Lautrec's house of ill-repute'), and travel destinations ('Tehran Airport wifi'). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi."

Sorry! There are no comments related to the filter you selected.

OMFG WHO IS SURPRISED BY THIS???? (-1, Troll)

Narcocide (102829) | about 5 months ago | (#47383079)

Not I.

Enjoy your big brother, sheep.

Re:OMFG WHO IS SURPRISED BY THIS???? (1)

Narcocide (102829) | about 5 months ago | (#47383355)

Wait... am I to determine by this rating that you WERE all surprised by this???!

Re:OMFG WHO IS SURPRISED BY THIS???? (0)

Anonymous Coward | about 5 months ago | (#47383463)

Why do people such as yourself call others "sheep"? Is it because the matrix is true and you are one of the few who took the correct coloured pill?

Does it make you seem superior to others that you are not a "sheep" yet somehow they are?

Re:OMFG WHO IS SURPRISED BY THIS???? (0)

Anonymous Coward | about 5 months ago | (#47384051)

Perhaps the true sheep are the ones who go around spouting the sheep meme all the time

Wrong title (5, Insightful)

crashumbc (1221174) | about 5 months ago | (#47383083)

Should be popular SMART PHONES leak WiFi data.

Sensationalist bullshit

Except iOS after version 5 apparently (1, Informative)

glennrrr (592457) | about 5 months ago | (#47383153)

Also according to the article. Somehow iOS manages to have reasonable Wi-fi battery power without using this trick.

Re: Except iOS after version 5 apparently (1, Informative)

Splab (574204) | about 5 months ago | (#47383465)

iOS is still happily twirping your data, hence the mac change in iOS 8.

Re: Except iOS after version 5 apparently (3, Informative)

tlhIngan (30335) | about 5 months ago | (#47384137)

iOS is still happily twirping your data, hence the mac change in iOS 8.

No, that's solving a different problem, namely one of tracking. In sending probe frames (to find out what accesspoints are around) it uses a random MAC address in order to foil those MAC address sniffers they plant in malls and stores that are used to track people as they wander around.

FYI - Android does not have this feature (yet).

Re: Except iOS after version 5 apparently (1)

Anonymous Coward | about 5 months ago | (#47384223)

> FYI - Android does not have this feature (yet).

Pry-Fi [bgr.com] will do it, on a rooted phone.

Google already snoops on Android locations for Ads (2)

recoiledsnake (879048) | about 5 months ago | (#47383611)

They actually track which stores you visit to monetize ads. If you opt out then a lot of things including Google Now stop working.

http://digiday.com/platforms/g... [digiday.com]

They even do the same thing on iOS if you use Gmail, Chrome or Google Now apps.

It is easiest for Google to conduct this passive location tracking on Android users, since Google has embedded location tracking into the software. Once Android users opt in to location services, Google starts collecting their location data as continuously as technologically possible. (Its ability to do so is dependent on cell tower or Wi-Fi signal strength.)

Android is currently the leading mobile OS in the U.S. with a 45.9 percent market share in 2013, according to eMarketer. A little more than a fifth (20.3 percent) of the U.S. population uses Android smartphones.

But Google can also constantly track the location of iPhone users by way of Google apps for iOS, Apple’s mobile operating system. IOS is just behind Android in U.S. market share with 38.3 percent of users, per eMarketer. Nearly 17 percent of the American populace uses an iOS smartphone.

When an iPhone user stops using an app, it continues running “in the background.” The user might not realize it, but the app continues working, much in the same way tabs function on a Web browser.

Google’s namesake iOS app — commonly referred to as Google mobile search — continues collecting a user’s location information when it runs in the background. This information is then used to determine if that user visited a store and whether that store visit can be attributed to a search conducted in the app. Store visits can also be tracked via Google’s other iOS apps that use location services. If iOS users open their Chrome, Gmail or Google Maps app in a store, their location can be deemed a store visit.

And they recently stopped snooping on the free Google Apps and email for Schools and even businesses after doing it for a long time to build ad profiles after they didn't dare telling the same lies in federal court that they were telling to the public about snooping on students to show ads.

http://www.edweek.org/ew/artic... [edweek.org]

http://www.edweek.org/ew/artic... [edweek.org]

But hey, it's Google so they get a free pass here while if MS did anything even close to that people would be shouting from rooftops.

Re:Google already snoops on Android locations for (0)

Anonymous Coward | about 5 months ago | (#47384231)

Except APL does it too. They just don't advertise it and bury it in the EULA.

Remember, not only are you buying a product, you are also a product when you buy i-things! (haven't you noticed all in-app ads are funneled through just one service?)

Re:Google already snoops on Android locations for (1)

the_B0fh (208483) | about 5 months ago | (#47385215)

You obviously have evidence for this?

Re:Google already snoops on Android locations for (1)

Em Adespoton (792954) | about 5 months ago | (#47384623)

But hey, it's Google so they get a free pass here while if MS did anything even close to that people would be shouting from rooftops.

That's because MS has been convicted in court of abusing this power. So far, Google appears to have stayed within the law in how it uses this data.

Except that's not true: Google's got into plenty of trouble for grabbing too much data, then not deleting that data when ordered to by the court.

I think you'll find that Google is well on its way to becoming the new MS -- and not just in the market sense. People ARE starting to grumble, and avoid using Google services for some things.

Re:Google already snoops on Android locations for (1)

cavreader (1903280) | about 5 months ago | (#47386287)

"Google is well on its way to becoming the new MS "

Google has already become just like MS and Apple. They all rank at the top of the most successful companies in the world. These companies have been an integral part of the PC and Internet technical revolution. A revolution that has changed the world of communications and commerce. You can question some of their methods but you should try and balance the good and bad when forming your opinions on their "evilness". None of these companies have ever claimed to be philanthropic organizations.

Re:Wrong title (0)

Anonymous Coward | about 5 months ago | (#47386837)

Academics have studied and quantified this problem a decade ago. Here's a paper from 2007 [jeffpang.net] .

We're just noticing it now since everyone has a smart phone. Funny how slow it takes for well known technology problems to come into popular consciousness sometimes.

Not just Android (5, Insightful)

AmiMoJo (196126) | about 5 months ago | (#47383099)

The sensational headline fails to mention that most operating systems, including OSX and Windows, are affect. In fact most wifi devices are and we have known about this problem since the early days of wifi.

I wish I had the time to mod the shit down before it hit the front page.

Re:Not just Android (4, Informative)

jrumney (197329) | about 5 months ago | (#47383175)

The headline also fails to mention that only manually configured networks are affected (or perhaps old versions of Android, I don't remember the details from the comments to the story about 6 months ago regarding the exact same "flaw" in iOS). This is why it is a BAD idea for security to turn off access point beacons - because if your access point is not sending out beacons to identify itself, then the clients need to send out connection requests blindly - wherever they are.

Re:Not just Android (1)

Charliemopps (1157495) | about 5 months ago | (#47383327)

The headline also fails to mention that only manually configured networks are affected (or perhaps old versions of Android, I don't remember the details from the comments to the story about 6 months ago regarding the exact same "flaw" in iOS). This is why it is a BAD idea for security to turn off access point beacons - because if your access point is not sending out beacons to identify itself, then the clients need to send out connection requests blindly - wherever they are.

That's only if the name is revealing. I called my "The NSA" so people that connect to it are broadcasting that everywhere. I have one neighbor that for some insane reason named his after his address. 123 Johnson road

Re:Not just Android (0)

Nutria (679911) | about 5 months ago | (#47383341)

I called my "The NSA"

How clever you must feel for sticking to The Man.

for some insane reason named his after his address.

Why is that insane?

Re:Not just Android (0)

Anonymous Coward | about 5 months ago | (#47383373)

How clever you must feel for sticking to The Man.

Why so hostile?

Re:Not just Android (0)

Anonymous Coward | about 5 months ago | (#47383379)

Why is that insane?

The clue's in the summary. You don't even have to read the article! It means that when the neighbour is out and about people know his address just by sniffing the traffic coming from his phone.

Re:Not just Android (1, Insightful)

Electricity Likes Me (1098643) | about 5 months ago | (#47383409)

That's not sticking to the man. That's making the hysterical NSA alarmists go nuts. So, quite the opposite.

Re:Not just Android (1)

I'm New Around Here (1154723) | about 5 months ago | (#47383483)

for some insane reason named his after his address.

Why is that insane?

I don't know why either. My wifi is named after my wife's place of origin.

NABOO.

That's why we call our daughter Princess.

Re:Not just Android (1)

yacc143 (975862) | about 5 months ago | (#47383575)

It's insane because it distributes data that is unnecessary.

Depending upon how "hackable" the WLAN is, if an unauthorized person accesses it, it gives the first clue what to enter in all these address boxes online.

Ok, somebody mentioned being able to contact the responsible person if there is an issue. Now that kind of presumes that the typical operator of a home wifi spot knows how to fix the issue or even can fix the issue (it's incredible what kind of trash is being sold nowadays as a wifi router, and in some cases it's the ISP that provides you the router. These are usually even trashier than what users buy on their own).

Re:Not just Android (1)

itzly (3699663) | about 5 months ago | (#47383623)

Of course, with a directional antenna, it's pretty easy to find the street address of an access point.

Re:Not just Android (1)

Nutria (679911) | about 5 months ago | (#47383925)

Or with the signal bars and a bit of driving.

Re:Not just Android (1)

sumdumass (711423) | about 5 months ago | (#47386339)

Or with just the name of the ssid broadcast and a general geographic area.

You can use sites like wigle to search it out. If enough entries are put in, it prety much accurately trianglstes the location on the map. It has my old neiborhood down to withing a few feet of the apartments. A signal meter on a smart phone should get you to the front door.

I know of at least one reverse hacking incident (the hacker got hacked by its target while trying to penetrate a network) where the hacker was tracked down by reading the ssids availible on the wireless network and using a site like that to pinpoint a location.

Re:Not just Android (0)

Anonymous Coward | about 5 months ago | (#47383597)

Do you wear a name tag with your address on it in public? Would you consider that a good idea? Same thing.

Re:Not just Android (1)

Imrik (148191) | about 5 months ago | (#47383947)

Well, not my address but the address of where I work. Also, it's called a security badge, not a name tag.

Re:Not just Android (1)

the_B0fh (208483) | about 5 months ago | (#47385219)

Are you really equating giving your work address and your home address out as the same thing?

Re: Not just Android (1)

Philip Mather (2889417) | about 5 months ago | (#47385443)

Having the name, logo, colors or even font branding (let alone address) of the company on a security pass is a complete fail. If you drop it and a bad person picks it up they can then tell where it will get them access to, this is catastrophic if it's RFID swipe pass for barriers/doors. The only marking that should be present on a security pass is a photo, no name, no barcodes, nothing but a color photo of the owner. Lanyards may, in low security applications be color coded to some function or other (temp, contractor or perm employee for example) but not relied upon.

Re:Not just Android (3, Insightful)

jones_supa (887896) | about 5 months ago | (#47383453)

I have one neighbor that for some insane reason named his after his address. 123 Johnson road

He is just politely revealing who is the owner of the station. In this way it can also be seen as a responsible thing. If that particular station is causing some kind of problems to others, it is easy to contact the owner to discuss about it.

Re:Not just Android (4, Funny)

itzly (3699663) | about 5 months ago | (#47383525)

I have one neighbor that for some insane reason named his after his address. 123 Johnson road

Even worse, I have a neighbor who has his house number plainly visible right next to his front door, and the name of the street is clearly marked at the intersection. Total nutcase, if you ask me. Anybody who knows his address can just go and visit him.

Re: Not just Android (1)

Anonymous Coward | about 5 months ago | (#47384071)

They probably also have a mailbox outside their house that is TOTALLY UNSECURED.

Re: Not just Android (0)

Anonymous Coward | about 5 months ago | (#47384101)

I'll bet tsomeone that stupid also has his house number affixed to his house in plain view.

Re: Not just Android (3, Informative)

Em Adespoton (792954) | about 5 months ago | (#47384671)

To be a decent analogy, they'd need it affixed to something mobile, like their car, as well as to their house.

The point here is that the CLIENTS start broadcasting the string whenever they're not connected to Wifi. So his phone/laptop will be advertising where their owner lives whenever he's away from home with them.

If you still don't get it, it's like everyone in his family wearing a T-shirt that says "My home address is 123 Johnson Rd -- and if you're reading this, I'm probably not at home".

It makes burglary easy, and stalking as well.

Re: Not just Android (1)

the_B0fh (208483) | about 5 months ago | (#47385225)

Why does it take this much effort to explain to idiots why this is a bad idea?

Re: Not just Android (1)

stephanruby (542433) | about 5 months ago | (#47386203)

If you still don't get it, it's like everyone in his family wearing a T-shirt that says "My home address is 123 Johnson Rd -- and if you're reading this, I'm probably not at home".

You're making two assumptions here:
1. That everyone with a laptop lives alone. I don't, you insensitive clod. I live with my mother.
2. That everyone with a laptop lives at the actual location being broadcasted. For all you know, I could just have visited that location.
If you're worried about theft and stalking, you should be much more concerned about neighborhood/employer/school-required parking stickers. With these, one can easily guess the approximate locations where your car parks, and therefore where you might actually live/work/study (since those actually require a formal verification before being issued).

Re:Not just Android (0)

Anonymous Coward | about 5 months ago | (#47383415)

The headline also fails to mention that this particular bug is only being talked about because Google is submitting a patch to fix the issue.

Re:Not just Android (1)

SirJorgelOfBorgel (897488) | about 5 months ago | (#47384771)

Unfortunately, that just isn't true. The affected Android devices leak all known networks, not just the manually configured ones. Go ahead and test it.

Re:Not just Android (0)

Anonymous Coward | about 5 months ago | (#47387189)

The headline also fails to mention that only manually configured networks are affected

Scans originating from wpa_supplicant running on the host only show scan_ssid=1 (manually configured) networks. The PNO scans affect all SSIDs. See posts #24-25:

http://forum.xda-developers.co... [xda-developers.com]

Re:Not just Android (1)

Anonymous Coward | about 5 months ago | (#47383177)

Would be sweet if everybody stopped using "hidden" wifi. Since that needs this continuous broadcasting of the name by the clients.

Re:Not just Android (1)

SirJorgelOfBorgel (897488) | about 5 months ago | (#47384785)

Irrelevant - the issue on Android is not limited to hidden networks.

Re:Not just Android (1, Informative)

Dixie_Flatline (5077) | about 5 months ago | (#47383501)

It's marginally more relevant that Android does it. There are a lot more Android devices than portable Windows and OS X devices that actually move around. (That is, not even the full population of laptops is necessarily being moved from hotspot to hotspot; I know plenty of people that have laptops that stay at home and are just for portability around the house.)

Anyway, the headline is reasonably sensational, but not false, and the summary clarifies. I've seen a lot worse (bad headlines, worse summaries; etc.) pretty much everywhere that ever posts a headline.

Re:Not just Android (-1)

Anonymous Coward | about 5 months ago | (#47383603)

Hitting the minus sign on firehose should work for you. Does the fact that this happens on other OS's or the fact that we've known about it for years absolve android.
Just get a surface Pro 3. It's a real tablet killer. I don't expect android to survive much longer once Samsung throws it on the trash heap.
Linux is beginning to show cracks due to it's sophomoric design decisions and playground like development. Good riddance.

Re:Not just Android (1)

penguinoid (724646) | about 5 months ago | (#47384097)

The sensational headline fails to mention that most operating systems, including OSX and Windows, are affected.

Since when is it sensationalist to understate the situation? I think the word you're looking for is "provocative", since most of the readers are android users.

You would smother the news... (0)

Anonymous Coward | about 5 months ago | (#47385909)

Because it isn't news to you?

Wow, under your dictatorship what enlightenment we'd be able to expect!

The Axis of Evil aka. Big Brother aka. Five Eyes (0)

Anonymous Coward | about 5 months ago | (#47383101)

say thanks. It's 2014 and engineers are still designing protocols like we're all friends who respect each others' privacy.

Re:The Axis of Evil aka. Big Brother aka. Five Eye (1)

Nutria (679911) | about 5 months ago | (#47383365)

Except that this protocol was designed long ago.

Re:The Axis of Evil aka. Big Brother aka. Five Eye (0)

Anonymous Coward | about 5 months ago | (#47383537)

That doesn't invalidate the point. Besides, the feature which leaks the information is relatively new, and it leaks more information than necessary, even when following the old protocol (as evidenced by a bugfix which stops Android from broadcasting SSIDs of networks which aren't "hidden".)

Noticed this before (1)

HalAtWork (926717) | about 5 months ago | (#47383131)

I've noticed this before but haven't been able to figure out how to delete it. I guess it has to do with the device searching for stored WiFi networks to establish a connection? Still annoying. According to the article, if you connect to hidden networks then you won't be able to get around this, unfortunately that's almost all the networks I connect to. Couldn't it just do a scan of nearby networks and look up the MAC address of the hidden networks, and, on a match, then try to establish a connection?

Re:Noticed this before (4, Informative)

jrumney (197329) | about 5 months ago | (#47383205)

Its the scan of nearby networks bit where it needs to send out the WiFi networks it wants to connect to. That's why making your SSID hidden is a security anti-pattern. Tell the owners of the networks you connect to to stop doing it - anyone nearby can see all the clients making requests to join your network, so it isn't adding any security in your near vicinity, and elsewhere, others can still see your clients trying to connect to your network wherever they are, because to connect to hidden networks you have to go out and proactively look for them.

Re: Noticed this before (1)

Splab (574204) | about 5 months ago | (#47383475)

Most devices are broadcasting known ssid regardless of the ap being hidden, there is quite an industry around sniffing this data.

Re:Noticed this before (1)

I'm New Around Here (1154723) | about 5 months ago | (#47383497)

Does is matter if the connection has encryption enabled? Or is the first exchange un-encrypted anyway?

Re:Noticed this before (1)

Anonymous Coward | about 5 months ago | (#47383573)

Encrypted networks also transmit the SSID in the clear in management frames. A "hidden" network only removes the SSID from the beacon frames. Disabling "SSID broadcasts" will cause clients to broadcast the SSID in search of the network wherever they go. That is not news (although the clients could arguably be a little more clever about this). The news is that Android actively searches for networks which are not hidden and which could easily be found by passive listening.

Enough time to connect to Wi-Fi (2)

geogob (569250) | about 5 months ago | (#47383137)

"[...] because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi."

I though driving by an open hotspot on the highway was enough time to use it. At least they would know on which Highway I drove.

Re:Enough time to connect to Wi-Fi (2)

jrumney (197329) | about 5 months ago | (#47383251)

I though driving by an open hotspot on the highway was enough time to use it.

Only with 802.11p which allows data transfer without associating to the access point, and maybe the still under development 802.11ai, which aims to speed up the time required for association to under 100ms.

Plainly stupid (0)

Anonymous Coward | about 5 months ago | (#47383203)

How can this sensational headline make into slashdot home page?

Um, no, it doesn't (1, Informative)

theoriginalturtle (248717) | about 5 months ago | (#47383207)

No, it doesn't "show you've spent enough time to use the wifi." For fun, grab an Android app called WifiCollector. On a 200-mile drive through three Eastern states a few weeks ago, it sniffed out over a thousand WAPs (most of them not open). Anyone using that to imply I was actually at any of those locations long enough to use the wifi is probably just about smart enough to work in a government intelligence job.

Re:Um, no, it doesn't (0)

Anonymous Coward | about 5 months ago | (#47383267)

Erm... it's not that. It is based on what wifi you have connected to, especially those that are configured with hidden SSID. Because it does not know whether the hidden SSID is there or not, it will attempt to connect to each of these.

What urks me is that this is not limited to Android. It is a "feature" of any wifi-capable device.

Re:Um, no, it doesn't (0)

Anonymous Coward | about 5 months ago | (#47383531)

Urks = irks

Re:Um, no, it doesn't (1)

TheRealHocusLocus (2319802) | about 5 months ago | (#47383855)

Urks = irks

We are the fighting Uruk-hai!
We slew the great warrior.
We took the prisoners.
We are the servants of Saruman the Wise, the White Hand:
the Hand that gives us man's-flesh to eat.
We came out of Isengard, and led you here,
and we shall lead you back by the way we choose.
I am Uglúk. I have spoken.

Droid does what iDon't: SSID spotting (3, Interesting)

tepples (727027) | about 5 months ago | (#47383559)

For fun, grab an Android app called WifiCollector.

Or MozStumbler [slashdot.org] , from the makers of Firefox.

But if you're looking for something similar on iOS, you won't find anything on the App Store because there's no public API to log seen SSIDs on iOS. Instead of making a public API, Apple instead just decided to blacklist the entire category of applications in March 2010 [slashdot.org] .

Default behavior, it's in the spec. (0)

Anonymous Coward | about 5 months ago | (#47383259)

This is primarily to be able to access "hidden networks" (hidden SSIDs) - they are called Probe Request packets.

Although it is intended behavior and people who are aware of it can mitigate the problem, it is still very unknown to the general public, and I believe the behavior should be different. Fo sho.

Probe requests should be manual (1)

tepples (727027) | about 5 months ago | (#47383571)

For the sake of the user's privacy, operating systems need to default to manually sending probe requests. If that isn't convenient enough, and the device has cellular or GPS sensors, then when the user turns on Wi-Fi, the device could briefly turn on cellular and GPS radios and trilaterate nearby towers and satellites in order to determine which SSID's probe request to send.

Re: Probe requests should be manual (1)

cbiltcliffe (186293) | about 5 months ago | (#47383751)

So, your solution to leaking location data by WiFi is to automatically turn on the potentially even more intrusive GPS locator?

Re: Probe requests should be manual (1)

tepples (727027) | about 5 months ago | (#47383903)

The article is about eavesdropping on probe requests that a device sends. In my proposal, a device would first listen for signals from GPS satellites to narrow the list of hidden SSIDs before determining which probe requests to send. Could you explain how using a GPS receiver to narrow down these probe requests would be "potentially even more intrusive"?

Re: Probe requests should be manual (0)

Anonymous Coward | about 5 months ago | (#47383921)

GPS is completely passive (unless you use AGPS, but even then it doesn't leak a lot of information). You can use GPS without any network connection, and nobody will know. If you record and leak location information, that is not particular to GPS and can only be avoided by not using any location service at all.

Re:Default behavior, it's in the spec. (1)

yacc143 (975862) | about 5 months ago | (#47383633)

Well, auto connect for encryption less wifis is a clear way to get MITM attacked.

But even with encryption the way Wifi work your device will broadcast all networks it tries to autoconnect. An most mobile devices that's equal to "known networks".

Laptops too? (2)

Lawrence_Bird (67278) | about 5 months ago | (#47383263)

So basically it sounds like anything using the wpa_supplicant code may do this? I can understand why it may be necessary for a hidden network, don't understand why the connecting party would ever transmit anything about past connections for public networks. Isn't SSID included in the beacon every 100ms or so?

Re:Laptops too? (1)

itzly (3699663) | about 5 months ago | (#47383315)

In order to receive the beacons you would have to keep the receiver powered up for longer times, wasting battery.

Re:Laptops too? (0)

Anonymous Coward | about 5 months ago | (#47383637)

Beacons are sent once every 100ms, i.e. 10 per second, by default. You don't have to have the receiver on for long, and sending uses much more power than receiving (you still have to do this on all channels and then listen for the response on each channel, so you're not even gaining anything there.)

Re:Laptops too? (1)

itzly (3699663) | about 5 months ago | (#47384109)

100ms is the default, but longer periods are possible. And while the transmitter may take 5x as much power, it only needs to be on for 1 ms, so you're still saving power. The reply should come almost immediately (only microseconds of gap), so the receiver only needs to be on for a very short time, assuming there's no response.

Re:Laptops too? (1)

SirJorgelOfBorgel (897488) | about 5 months ago | (#47384955)

PNO is implemented in the Wi-Fi firmware, and generally only active if the main device CPU is asleep.

wpa_supplicant tells the Wi-Fi firmware which networks it is interested in, then when the main CPU sleeps, the Wi-Fi chip keeps scanning for those networks periodically, which takes less power than waking the main CPU periodically to do this. In PNO's scanning process, it broadcasts all the names. There's no technical reason this is needed aside from hidden SSIDs (and indeed non-PNO wpa_supplicant scans don't do this either). The PNO feature however doesn't make that distinction and broadcasts all the names instead of the hidden ones. From the sources I've read, it seems there's no way to tell the firmware to make a distinction between active (for hidden) and passive (for non-hidden) SSIDs.

So yes, in effect, anything based on wpa_supplicant and PNO may do this. However, this is not wpa_supplicant's fault per se, rather PNO's. I don't think my laptop bothers scanning for Wi-Fi networks when it's sleeping at all, or even supports PNO, but your mileage may vary on that. There's no rule saying PNO can only be used when the main CPU is asleep either, though that is what's built for. Your software could be using it all the time (unlikely, but possible).

Not the whole story.. (0)

Anonymous Coward | about 5 months ago | (#47383279)

The leaking of location data isn't even the whole story.

Vice did a decent documentary on this recently. See: https://www.youtube.com/watch?v=dysnKiXUlRU

Your phone will, by default, try to connect to a Wifi hotspot when it's in range. When it's previously connected to, and remembered an open Wifi network, it creates a security risk. It seems like what they're doing is probing for specific APs, rather than (or as well as) doing a channel scan without specifying the SSID (presumably for reasons of efficiency, thus saving battery life). This allows an in-range malicious user to listen for these probe requests, and then automatically spin up a Wifi hotspot with the same SSID as one of those open networks. Once you're connected, they can intercept any encrypted traffic, and perform MIM attacks. Scary stuff.

Re:Not the whole story.. (0)

Anonymous Coward | about 5 months ago | (#47383331)

Sorry, I meant to say unencrypted.

secret agent reporting in (1)

starsky51 (959750) | about 5 months ago | (#47383287)

ok control, we've discovered that the suspect is called, or knows someone called, 'Tom', and that he once visited a McDonald's... maybe.

Why mention Android in the title? (2)

Threni (635302) | about 5 months ago | (#47383337)

"What's more, the same flaw is found in Apple OS X and Windows 7."

Clickbait, maybe?

Duh! (1)

pcjunky (517872) | about 5 months ago | (#47383349)

I think we kind of figured this already.

Just how is my phone "leaking" this information. I you get my phone then you may know where I have been but I am not going to give you my phone if I want to conceal this information.

Re:Duh! (1)

itzly (3699663) | about 5 months ago | (#47383363)

The phone is broadcasting it over wifi.

Free Wifi (3, Interesting)

AndyCanfield (700565) | about 5 months ago | (#47383361)

Here in Thailand / Laos I have recently seen massage parlor signs advertising "Free Wifi". You get in a room with a beautiful lady and she rubs her hands all over your body. Why would you want to check your e-mail? And certainly you would not "Exotic Massage" to show up in your wifi list. But remember that phones are like that. I manually checked my wife's call history to see if she had telephoned my girlfriend.

Re:Free Wifi (2)

tepples (727027) | about 5 months ago | (#47383605)

If by "wifi list" you mean the list of known SSIDs on a device, that can be solved by using your device's user switching and making some SSIDs private to one user. Unfortunately, Android doesn't seem to implement multi-user for devices with screens smaller than 7 inches, and I don't know whether known SSIDs are user-specific or system-wide.

If by "wifi list" you mean the topic of the article (a list collected by someone listening for probe requests for hidden SSIDs), an SSID will appear only if 1. it has a hidden SSID, and 2. your device sends probe requests automatically instead of manually, and 3. your device doesn't use cellular or GPS location to determine which SSIDs' probe requests to send.

Re:Free Wifi (0)

Anonymous Coward | about 5 months ago | (#47385177)

If by "wife" you mean... awwnevermind.

Re:Free Wifi (0)

Anonymous Coward | about 5 months ago | (#47386141)

Thanks for the idea. From now on, my mobile hotspot will be "Exotic Massage"

Why does it broadcast *all* SSIDs? (1)

Nutria (679911) | about 5 months ago | (#47383391)

If this is for looking up hidden SSIDs, then why not ping looking for know-hidden SSIDs?

Re:Why does it broadcast *all* SSIDs? (1)

T-ice (1069420) | about 5 months ago | (#47383759)

Because it's easier to De-auth 1 visible connected client, and listen to the probe requests as it tries to reconnect. I believe that's called SSID decloaking, or something like that. There are enough of the right tools to be able to do this automagically while driving down the road with a laptop and a gps dongle. If there isn't a tool that does all the magic, I'm know that a mix of them could easily make all the necessary output that could be put together after a 2 hour drive through town. People still make wardriving tools. But we have so much wifi now that most would be wardrivers don't make it past the driveway. Long story short, it's even easier than that.

How to turn it off (1)

Anonymous Coward | about 5 months ago | (#47383473)

On rooted Android, one can configure wpa_supplicant to _not_ "scan_ssid" globally but individually, for the hidden APs. Also, one can set the "bssid" of the access points he connects to. There was a need for a better interface a while ago...

Churches provide free WIFI now? (0)

Anonymous Coward | about 5 months ago | (#47383569)

Churches provide free WiFi now? So you have something to do during the sermon?

Re:Churches provide free WIFI now? (-1, Flamebait)

Anonymous Coward | about 5 months ago | (#47384273)

The pastor has to be able to browse gay porn somehow

This assumes ... (1)

PPH (736903) | about 5 months ago | (#47383591)

... that the names assigned to WiFi access points have any relationship to reality. Where I'm sitting, I can see 'MoeBalls', 'Hide Yo Kids, Hide Yo WiFi', 'Mac', 'Get off my LAN', 'It Hurts When IP', 'Bala Yoga', .....

Re:This assumes ... (1)

msauve (701917) | about 5 months ago | (#47384883)

This assumes that the names assigned to WiFi access points have any relationship to reality.

Do you get your coffee from the Urban Coffee Lounge or the Starbucks before going to Juanita Beach Park, there in Kirkland, WA?

Nope, no relation to reality whatsoever.

This is old (1)

Jorl17 (1716772) | about 5 months ago | (#47383757)

This is _really_ old news. I've been to two or three talks about this. How can anyone still be surprised?

Re:This is old (1)

canadiannomad (1745008) | about 5 months ago | (#47384443)

How can anyone still be surprised?

Because they are one of the lucky 10000 [xkcd.com] ...

I've wrote a tool to exploit this. (0)

Anonymous Coward | about 5 months ago | (#47384279)

I wrote stuff to do this, but to aid in the capture of criminals. This kind of tool is extremely valuable to bounty hunters (professionals and not the assholes kicking down random doors like their cowboys).

Captcha: dictator seems fitting.

Re: I've wrote a tool to exploit this. (0)

Anonymous Coward | about 5 months ago | (#47385009)

Then you also wrote a tool for the harassment and persecution of the innocent. Anything that CAN be misused WILL be misused. Especially if you get it anywhere near law enforcement and those close to them.

Headline Whore Much Soulskill/Dice Holdings ? (1)

hduff (570443) | about 5 months ago | (#47384347)

What's more, the same flaw is found in Apple OS X and Windows 7.

So why only"Android' in the headline? Why not use "Smartphones"?

Re:Headline Whore Much Soulskill/Dice Holdings ? (2)

Jabrwock (985861) | about 5 months ago | (#47384437)

Because OS X and Windows 7 aren't mobile OSs? The article does address that, and states that it doesn't believe the risk to laptop users to be worth more than a mention, because laptops are generally powered down when moving around, unlike smartphones that keep scanning.

Mitigation would be easy... (1)

niftymitch (1625721) | about 5 months ago | (#47385305)

It is possible on an unlocked device to spoof this data by
collecting data from other phones in passing or from a
mesh of friends that pull data from their device and share
it with others.

i.e. should my WiFi device hear such a broadcast.
It could save parts of it, format those and insert the data
randomly into the list of devices my device appears to know about.

After anyone publishes enough to prove the possibility
then the information can no longer be used with impunity against
an individual because data stamps could be changed and
data inserted.... by a third party.

As we know from Snowden papers, TLAs do exploit flaws
and coerce vendors to insert and unlock side doors in devices .
Further all such activity is classified so any jury can
now be presented with reasonable doubt that the evidence
of this type on a phone or laptop has any validity.

Scan recent history for "surveillance equipment is known as a Stingray, an innovative way
for law enforcement to track cellphones used by suspects and gather evidence.
The equipment tricks cellphones into identifying some of their owners’ account information,..."
(theblaze.com)

I am reminded of a plugin to firefox that did much the same thing by randomly
making HTTP connections hither and yon triggered by a chain of "interesting" words.
The intent was to pollute the search history etc.... again to add uncertainty
that the individual was doing anything "of interest" to the prosecution.

On occasion I still fire it up from time to time not because I wish to hide anything I did but because
I wish to protect myself from those that would hide stuff on my system via tricks like
a 1x1 pixel display of a high resolution image download or mouse over abusive
use of JavaScript or modern HTML5 canvases and many many more abusive things.

That's not location data (1)

EmagGeek (574360) | about 5 months ago | (#47385951)

The data described as being leaked is not location data. It is the names of SSIDs to which the device has connected before.

Just sayin

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?