References & Citations
Computer Science > Cryptography and Security
Title: Probing for Passwords -- Privacy Implications of SSIDs in Probe Requests
(Submitted on 8 Jun 2022 (v1), last revised 6 Jul 2022 (this version, v2))
Abstract: Probe requests help mobile devices discover active Wi-Fi networks. They often contain a multitude of data that can be used to identify and track devices and thereby their users. The past years have been a cat-and-mouse game of improving fingerprinting and introducing countermeasures against fingerprinting. This paper analyses the content of probe requests sent by mobile devices and operating systems in a field experiment. In it, we discover that users (probably by accident) input a wealth of data into the SSID field and find passwords, e-mail addresses, names and holiday locations. With these findings we underline that probe requests should be considered sensitive data and be well protected. To preserve user privacy, we suggest and evaluate a privacy-friendly hash-based construction of probe requests and improved user controls.
Submission history
From: Johanna Ansohn McDougall [view email][v1] Wed, 8 Jun 2022 08:36:30 GMT (582kb,D)
[v2] Wed, 6 Jul 2022 07:12:18 GMT (582kb,D)
Link back to: arXiv, form interface, contact.