Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
SpringerLink
Log in

I know your MAC address: targeted tracking of individual using Wi-Fi

  • Correspondence
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

This work is about wireless communications technologies embedded in portable devices, namely Wi-Fi, Bluetooth and GSM. Focusing on Wi-Fi, we study the privacy issues and potential missuses that can affect the owners of wireless-enabled portable devices. Wi-Fi enable-devices periodically broadcast in plain-text their unique identifier along with other sensitive information. As a consequence, their owners are vulnerable to a range of privacy breaches such as the tracking of their movement and inference of private information (Cunche et al. in Pervasive Mobile Comput, 2013; Greenstein in Proceedings of the 11th USENIX workshop on hot topics in operating systems, pp 10:1–10:6. USENIX Association, Berkeley, 2007). As serious as those information leakage can be, linking a device with an individual and its real world identity is not a straightforward task. Focusing on this problem, we present a set of attacks that allow an attacker to link a Wi-Fi device to its owner identity. We present two methods that, given an individual of interest, allow identifying the MAC address of its Wi-Fi enabled portable device. Those methods do not require a physical access to the device and can be performed remotely, reducing the risks of being noticed. Finally we present scenarios in which the knowledge of an individual MAC address could be used for mischief.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Notes

  1. Examples of commercial RF-tracking systems: Navizon ITS (http://www.navizon.com/product-navizon-indoor-triangulation-system), Euclyd-Analytics (http://euclidanalytics.com/).

  2. The tail of the mac address and SSIDs have been replaced by ’_’.

  3. The information about the device manufacturer has been obtained through the OUI list that link MAC address prefixes to vendor names (http://standards.ieee.org/develop/regauth/oui/oui.txt).

  4. Listed as Corporation Centrino Ultimate-N 6300 by our GNU/Linux operating system.

  5. Wi-Fi Stalking tools are available at http://mathieu.cunche.free.fr/?page_id=438.

  6. Monitor mode for Broadcom WiFi Chipsets http://bcmon.blogspot.fr/.

References

  1. Aircrack-ng, a set of tools for auditing wireless networks. http://www.aircrack-ng.org/

  2. WiGLE: Wireless Geographic Logging Engine. http://wigle.net/

  3. The wireshark network analyzer. http://www.wireshark.org/

  4. Ahmad, M.S., Ramachandran, V.: Cafe latte with a free topping of cracked wep retrieving wep keys from road warriors. In: TOORCON9 (2007)

  5. Bahl, P., Padmanabhan, V.N.: RADAR: an in-building RF-based user location and tracking system. In: INFOCOM 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 2, pp. 775–784. Proceedings, IEEE (2000)

  6. Butti, Laurent, Tinnès, Julien: Discovering and exploiting 802.11 wireless driver vulnerabilities. J. Comput. Virol. 4(1), 25–37 (2008)

  7. Cunche, M.: I know your MAC Address: targeted tracking of individual using Wi-Fi. In: International Symposium on Research in Grey-Hat Hacking - GreHack, Grenoble, France (November 2013)

  8. Cunche, M., Kaafar, M.A., Boreli, R.: Linking wireless devices using information contained in Wi-Fi probe requests. Pervasive Mobile Comput. (2013) (in press)

  9. Cuthbert, D., Wilkinson, G.: Snoopy: distributed tracking and profiling framework. In: 44Con 2012 (2012)

  10. Golle, P., Partridge, K.: On the anonymity of home/work location pairs. In: Proceedings of the 7th International Conference on Pervasive Computing, Pervasive ’09, pp. 390–397. Springer, Berlin (2009)

  11. Greenstein, B., Gummadi, R., Pang, J., Chen, M.Y., Kohno, T., Seshan, S., Wetherall D.: Can Ferris Bueller still have his day off? Protecting privacy in the wireless era. In: Proceedings of the 11th USENIX workshop on hot topics in operating systems, pp. 10:1–10:6. USENIX Association, Berkeley (2007)

  12. Husted, N., Myers, S.: Mobile location tracking in metro areas: malnets and others. In: Proceedings of the 17th ACM conference on Computer and communications security, CCS ’10, pp. 85–96. ACM, New York (2010)

  13. Musa, A.B.M., Eriksson, J.: Tracking unmodified smartphones using Wi-Fi monitors. In Proceedings of the 10th ACM conference on embedded network sensor systems, SenSys ’12, pp. 281–294. ACM, New York (2012)

  14. OConnor, B.: CreepyDOL: cheap, distributed stalking. In: BlackHat (2013)

  15. Rose, I., Welsh, M.: Mapping the urban wireless landscape with Argos. In: Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems, SenSys ’10, pp. 323–336, ACM, New York (2010)

  16. Shue, C.A., Paul, N., Taylor, C.R.: From an IP address to a street address: using wireless signals to locate a target. In: 7th USENIX workshop on offensive technologies (WOOT ’13) (2013)

  17. Tippenhauer, N.O., Rasmussen, K.B., Pöpper, C., Čapkun, S.: Attacks on public wlan-based positioning systems. In: Proceedings of the 7th international conference on Mobile systems, applications, and services, MobiSys ’09, pp. 29–40. ACM, New York (2009)

Download references

Author information

Authors and Affiliations

  1. Université de Lyon, INRIA, INSA-Lyon, CITI-INRIA, 69621 , Villeurbanne, France

    Mathieu Cunche

Authors
  1. Mathieu Cunche
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mathieu Cunche.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Cunche, M. I know your MAC address: targeted tracking of individual using Wi-Fi. J Comput Virol Hack Tech 10, 219–227 (2014). https://doi.org/10.1007/s11416-013-0196-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-013-0196-1

Keywords

Search

Navigation