German researchers captured WiFi connection probe requests from passersby to ascertain the data sent without device owners’ knowledge. Almost a quarter of all requests exposed the SSIDs (Service Set IDentifier) of networks that devices had previously connected to.

WiFi probing is a standard step in establishing a connection between a smartphone and an access point. Most smartphones, by design and for convenience, constantly look for accessible WiFi networks and connect to those they trust. Tracking devices through these probes is GDPR compliant, since it only utilizes anonymized MAC addresses.

Researchers from the University of Hamburg in Germany examined probes to see what additional data they may include. The team discovered that 23.2% of the probes exposed SSIDs of networks that devices had previously connected to. In only three hours, the researchers collected 58,489 SSIDs from random pedestrians. Many of the SSIDs contained numerical sequences of 16 or more digits, which are likely the standard passwords of widespread German home routers such as FritzBox and Telekom.

Persistent tracking

Aside from data leakage and the possibility of rogue hotspots accepting connections from neighbouring devices, the biggest risk is continuous/persistent tracking. The researchers conclude that MAC address randomization is vital to protect against tracking efforts. While device monitoring has become more difficult, there is still a long way to go.
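To make the two findings concrete, here is an added example (not code from the researchers or the original article) that parses raw 802.11 probe request frames. It reports whether each probe names an SSID, whether that SSID contains a run of 16 or more digits, and whether the source MAC carries the locally administered bit that randomized addresses set. The frames are constructed samples, and all function names are assumptions.

```python
import re

HDR_LEN = 24  # 802.11 management header: FC, duration, 3 addresses, seq ctl

def build_probe(src: bytes, ssid: bytes) -> bytes:
    """Construct a sample probe request (no radiotap header, no FCS)."""
    bcast = b"\xff" * 6
    hdr = b"\x40\x00" + b"\x00\x00" + bcast + src + bcast + b"\x00\x00"
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])  # Supported Rates element
    return hdr + bytes([0, len(ssid)]) + ssid + rates

def parse_probe_request(frame: bytes) -> dict:
    if len(frame) < HDR_LEN:
        raise ValueError("shorter than an 802.11 management header")
    fc = frame[0]
    # Frame control: type in bits 2-3 (0 = management), subtype in bits 4-7 (4 = probe request)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 4:
        raise ValueError("not a probe request")
    src = frame[10:16]  # Address 2 = transmitter
    ssid, pos = None, HDR_LEN
    while pos + 2 <= len(frame):  # walk the tagged elements (id, length, value)
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated information element")
        if eid == 0:  # SSID element; zero length = wildcard probe
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return {
        "src": src.hex(":"),
        "randomized_mac": bool(src[0] & 0x02),  # locally administered bit
        "ssid": ssid,
        "leaks_ssid": bool(ssid),
        "long_digit_run": bool(ssid and re.search(r"\d{16,}", ssid)),
    }

def leak_ratio(frames) -> float:
    """Share of probes that name a specific SSID."""
    return sum(parse_probe_request(f)["leaks_ssid"] for f in frames) / len(frames)

SAMPLES = [  # constructed frames; MACs are documentation-range or locally administered
    build_probe(bytes.fromhex("02005e005301"), b""),                  # wildcard
    build_probe(bytes.fromhex("00005e005302"), b"ExampleHomeNet"),    # directed
    build_probe(bytes.fromhex("da005e005303"), b"1234567890123456"),  # digits
    build_probe(bytes.fromhex("02005e005304"), b""),
]

print([parse_probe_request(f) for f in SAMPLES], leak_ratio(SAMPLES))
```

A wildcard probe (zero-length SSID) from a randomized MAC discloses neither a network name nor a stable identifier; a directed probe from a fixed MAC discloses both.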

The experiment was conducted in November 2021 at a bustling pedestrian zone in the heart of a German metropolis. Six antennas were used to catch probes in various channels and spectrums.
