What does your wi-fi say?

I spend a lot of time at airports and it turns out there isn’t much to do at 6 AM while you wait for a domestic flight. I guess I’m lucky Starbucks is open.

Since I had some time I decided to try something I had read and see if anyone’s Wi-Fi was leaking information about the access points they connected earlier.

I first listed all access points within range to make sure I could separate the local connections from those that weren’t there. The whole idea is that if you have your Wi-Fi turned on, devices will try to find a wireless access point to connect to. Logically they try to connect to access points they already know and “call” them.

As you can see below the packets captured show the SSIDs the device is trying to connect to:

 

With a unique SSID or company name it’s very easy to locate the workplace and projects the owner of the “talkative” device is currently working on. The example below gives us 2 pieces of information:

  1. The company name is UZELPROJE
  2. The owner probably recently stayed at Sefa Hotel in Corlu (a small town near Istanbul)

As a quick Google search shows us that Uzel Proje is working on environmental reports related to large projects such as hydroelectric plants we might assume the owner of the device is currently busy working on a project near Corum.

 

Information about a recent business trip can also be used for a targeted social engineering attack since the victim will be familiar with the name of the hotel and is more likely to click on a link or open an attachment he/she believes is related to their recent stay.

 

SSID names can also reveal some information about the target’s social habits as you can see below 2 SSIDs are “POOLPUB” and “The_Old_Town_Pub”. In this case it would be safe to assume the owner most probably has a social drinking habit.

 

You can also see the traces of a recent trip abroad as the SSIDs below mention Baku Airport and Paradise Hotel Baku.

 

Some SSIDs can also provide information for a bruteforce password guessing attack as the case below refers to a Turkish football team (Karadeniz Firtinasi for Trabzonspor FC and 61 being the license plate code for the city of Trabzon where the team is from). Turks are hot for football and, during penetrations tests we often find team names and important dates related to teams being used as passwords.

 

Turning the Wi-Fi off when you travel can avoid such information being leaked and it will also help you save battery 🙂