How Wi-Fi has become Wi-Spy. Do you know what information your mobile devices are transmitting right now?
In this increasingly connected world, the onus on protecting our personal data needs to involve the end user.
Those without a technical background may not be aware how much personal information our devices spray out everywhere we travel.
At a recent conference in London, a very arresting demonstration from ethical hacker Glenn Wilkinson and journalist Geoff White showed how our mobiles are constantly looking for WiFi base stations we previously connected to, and hence telling the world where we have been. Because the way WiFi was designed years ago, the user cannot turn this off.
They mapped places people had been in the room recently, without any interaction from the presenters or the end users. All Glenn needed was a £30 WiFi receiver from Amazon to collect this information.
They put a disclaimer on the screen before their talk, while they were busy hoovering up the data being transmitted from every phone in the room.
The other piece of personal information is the MAC address, which is nothing to do with Apple it stands for Media Access Control. Every device that transmits has a unique MAC address that looks like f9:c6:8e:21:4c:23
This never changes (unless you know how to spoof a MAC address). This means that everywhere you go, your personal MAC address is being broadcast.
This came to light in a recent freedom of information request submitted to Transport for London who manage the Tube network.
Late last year TfL ran a pilot on the public WiFi network provided by Virgin Media at 54 of their stations. TfL rightly had posters up explaining the trial was underway and ensuring users that data collected would be “automatically de-personalised”. Its press release further added that it would not be able to identify any individuals.
What has come to light via a freedom of information request submitted to TfL for the raw data collected was that even though they automatically pseudonymised and encrypted raw MAC addresses, this COULD be used to identify an individual, when the pseudonymised data was matched against other data sets so the request was denied.
You can read more about this at dgital.link/tfl-mac-address
This means that the MAC address is gold — it uniquely pins a device to a human. As IoT devices are deployed into anything and everything, they too will have unique MAC addresses.
Back in 2013, a trial of “WiFi enabled rubbish bins” in London displaying advertising was stopped because the bins were scooping up MAC addresses of everyone that walked past via WiFi.
At a conference in London recently, it was suggested that while these bins were no longer displaying ads, they were still “listening” for MAC addresses.
The bottom line is, awareness of what information our personal devices are broadcasting at a consumer level will start to force manufacturers to give us back more control on what we share with the world.
Did you know your phone was transmitting a unique fingerprint to the world?
I’ve just changed my MAC address.
This post originally was published on LinkedIn.