How Your WiFi is Betraying You

Captions
We know our devices leak data, but some of the ways they do so may surprise you. Today we’re going to talk about WiFi, in particular something called a “WiFi Probe Request”.

Have you ever noticed that when you return home, your phone automatically connects to your home wifi? Or when you go to a friend’s house or familiar coffee shop, your phone remembers and joins their network? What is this magic??

The way this automatic connection works is actually incredibly stupid, and leaves your device open to all kinds of attacks. It can also allow someone to fingerprint and track you, to see where you’ve previously been, to help hackers get access to your device.

In this video I’ll explain what wifi probe requests are, why they’re a privacy nightmare, things that have been done to try to make them more private and why they’re still a privacy nightmare, the ways you might be in danger, and of course what you can do to protect yourself.

I’ll give you the TLDR right now: turn your wifi off when you’re not using it, and you’re going to want to pay close attention to your wifi settings when you do use it.

Let’s get started with understanding how WiFi connections work. If we have 2 devices, a phone on one hand, and a wifi access point or router on the other, both kind of have to discover each other in order for a connection between them to be established.

Johanna Ansohn McDougall is an IT Security research associate at the University of Hamburg, who focuses on wireless security. She explained to me that there are basically 2 ways for this discovery between a phone and a router to occur.

The first is called “Passive Discovery”. This is where the phone sits passively listening, and the wifi router is constantly sending out beacons, basically shouting out “I am a wifi access point!” In that beacon, the router includes information like its SSID, or Service Set Identifier. This is just a technical term for the wifi name.
Your SSID might be “Naomi’s home wifi”, “joe’s coffee shop”, “Liberland airport wifi”. Whatever that network is named, that’s what the router is going to shout out.

If the phone hears an SSID that it recognizes, then it will connect to it. How does the phone know whether it recognizes a name? Well, it’s been secretly storing every wifi name you’ve ever connected to. Wuuuuuuut?

Your phone contains a list of all the known networks. It's called the PNL, the Preferred Network List.

So unless you’ve been actively forgetting networks after connecting to them, they’re all being saved up in your phone. Well that’s embarrassing, I hope no one ever gets hold of THAT list.

And that brings us to the second way that discovery between a phone and a wifi network happens: “Active Discovery”. This is where your phone is actively sending out probe requests asking which wifi networks are around.

A wifi probe request is a little packet of information that your device will broadcast via radio waves, and you can think of it as the equivalent of your PHONE shouting out publicly “Hey, is anybody there?” every few seconds. And any routers around it will respond: “We are here! We are here!”

Now exactly what information these wifi probe requests contain, and how often they’re sent out, will vary depending on your device. But it’s important to know that some wifi probe requests will broadcast your entire list of SSIDs.

Wait, what? That’s right. Everywhere you go. That entire list of every wifi network you’ve ever connected to. Shouted out publicly for everyone to hear.

As long as your wifi is turned on, your phone is basically shouting out “Here are all the networks I know of, are any of you around?”, and if one of these specific networks IS around, it’ll respond “Hey, I’m here!”, and your phone will connect to it.

That’s a terrible idea, right? Oh, we’re all in agreement. It’s a terrible idea.
And actually some phone manufacturers have changed how they handle active discovery, so that whenever possible, instead of sending out the whole list of SSIDs, they will instead send out something called a Wildcard, where they essentially leave the SSID field blank.

Now any nearby routers will just hear a generic wifi probe request asking “Anyone around?”, and the router will respond with their wifi network name, “Yes I’m here and my name is Naomi’s wifi”, and then the phone will cross check that name against their PNL to see if it’s a network they recognize, and if so they’ll say “Naomi’s wifi is on my list! Let’s connect!”

Now a few caveats. First, it’s alarming how many phones still actually broadcast their SSID list. Johanna just co-wrote a research paper where wifi probe requests were collected in a busy area, and they determined that 23% of phones were broadcasting SSIDs.

Second, even with newer phones, sometimes a phone HAS to broadcast an SSID, for example when trying to connect to a hidden network. If you have set your home wifi network as a “hidden” network, the router doesn’t announce itself, so it won’t show up on your list of available wifi networks. And if your phone sends out one of these generic requests like “Is anyone there?”, the router won’t announce its name back.

So in order to connect to a hidden network, you have to specifically shout out the hidden network’s SSID. You’ll type it manually into your phone, and your phone will announce “Hey, Naomi’s hidden network, are you there?”, the network will respond, and then you can connect to it.

But unless you specifically forget that wifi network, that’s now in your preferred network list, which means that forever after your phone will go around shouting all day “Hey, Naomi’s hidden network, are you here? Naomi’s hidden network? Has anyone seen Naomi’s hidden network?”, knowing that this is the only way to connect to the network.
Hilariously ironic for a network that was trying to remain hidden.

But on top of that, your phone doesn’t even stop broadcasting the name once it’s connected to that hidden network.

The mobile phone will continue actively probing for that network with just that SSID in case there are various access points with the same SSID to connect to the one with the best signal.

So your phone is sitting there shouting “Hey, Naomi’s hidden network! Do you have any networks with a better signal?” the whole time you’re connected to this hidden network.

Now why is broadcasting SSIDs a problem? First: tracking.

Now I know what some of you are going to say. You can’t track people using wifi anymore because phones now do things like randomize MAC addresses. A MAC address is a unique identifier for your device, and a few years ago phone manufacturers would broadcast it in wifi probe requests. Obviously this was terrible for privacy, because if you’re shouting out your unique ID everywhere you go it allows people to easily track you.

Now most manufacturers send out randomized MAC addresses instead of the real one. Another thing that manufacturers started to randomize are sequence numbers, which also made it more difficult to use wifi probe requests to track people.

But a few caveats. If you have an older device or older operating system, your phone might still be broadcasting your real MAC address and sequence number. Also, there are other ways these probe requests can become unique fingerprints for your devices. For example, through the “information elements” that are broadcast to advertise various attributes of a phone.

Finally, your SSID list itself can make it possible to track your device. Think about it: you’re probably the only person in the world who has your exact list of wifi networks remembered on their phone.

The list of SSIDs.
That's a very, very identifying, uh, fingerprint.

It can be used to identify individual devices and track location. Places like shopping malls can do this with incredible accuracy. They know exactly which stores you visit, how much time you spent there, how fast you walked from one end of the building to another. Airports can do the same thing: they can tell if you have gone through security yet, whether you’re going to make it to the gate on time. It’s common at trade fairs, and sometimes wifi tracking is used simply to collect data.

In one of the pedestrian zones we walked through, um, there was a sign saying, uh, wifi tracking in progress. Apparently they wanted to, um, use wifi tracking in order to kind of estimate the pedestrian flow.

The second reason that broadcasting SSIDs is a problem is because it can expose identifying information about a person. Wifi networks usually have revealing names like “Blockchain week conference 2019”, “Verizon 1234”, “Go-go-dance-hall”. These names might reveal who your employer is, your Internet service provider, where you go out dancing, which conferences you’ve attended.

The most personal thing I think I found, um, was an SSID for a burlesque theater. I am almost sure that you wouldn't want to transmit that.

Some people make the wifi name of their holiday home their address, not realizing that this might then be broadcast publicly. Johanna once set up an experiment during a science night where she projected onto a wall the SSIDs that were being publicly broadcast around her.

People would look at the wall and would say, oh my God, that's my home network. Why is the name of my home network here? I think it's just so, um, interesting to look at, uh, what is being sent and how easy it is to receive all this too. Like you, all you need is a wifi dongle and then you can monitor everything.
This information might not just be revealing, but might also have dangerous consequences. It can allow someone to tell if you have returned to your house yet, or if you are alone in an office building. A hacker might scan their surroundings and see that someone previously connected to a particular hotel wifi. By sending them a rogue email that appears to be from that hotel, they might dupe someone into clicking on a malicious link.

Now for the elephant in the room about this automatic wifi connection apparatus. Our devices are determining whether they trust networks and want to automatically connect to them based on their SSID. But here’s the thing.

You can choose whatever name you want as an SSID.

Phones aren’t looking for some secret handshake before automatically connecting to a wifi network. They’re just looking for a name that they recognize, and then automatically connecting to it. Which makes it really easy for attackers to pretend to be known wifi networks and trick phones into connecting to them. These attacks are scarily easy, especially with tools like the WiFi Pineapple.

The WiFi Pineapple is basically a hot spot honey pot and it's a man in the middle attack for wireless.

First, you scan your surroundings and see which wifi names all the nearby phones, computers, and IoT devices are broadcasting.

So these are all different SSIDs that your phone is currently trying to connect to. It's things that your phone has previously connected to in the past and it's looking for those.

You can also make pretty good guesses about these. Almost all of us have connected to a Starbucks wifi before. Unless you intentionally asked your phone to forget that network, it now considers any network called “starbucks wifi” to be a known network.

Can you pretend to be Starbucks? Yes I can.
In this video security expert Shannon Morse just created an open network on her WiFi Pineapple called “starbucks wifi”, and phones automatically started connecting to it.

Okay so right now, I'm connected what looks like to Starbucks, even though there's no Starbucks. But actually, it's the WiFi Pineapple.

Now the attacker has intercepted all your internet traffic. They can see any unencrypted internet activity, certificates from websites you visit, cookies that aren’t secured properly.

I can't believe you're able to see all of this. And it's just scraping. That's hilarious. Pictures and stuff. Oh yeah, it's scraping images from all these different websites.

Let’s repeat what we’ve learned from this. If your wifi is turned on as you walk around, you could be auto-connecting to malicious networks around you without even realizing.

So here are the steps you need to take to protect yourself. The best advice would be to just turn off your wifi when you're not using it.

Switch it off.

On Android, there are 2 settings you need to flip. First, turn your wifi off.

You won't be connecting to a wifi device anymore, but probe requests are still gonna be sent.

So then you have to also switch off “scanning via wifi”.
Info
Channel: Naomi Brockwell TV
Views: 186,861
Keywords: naomi, brockwell, bitcoin, cryptocurrency, Fiat, Bitcoingirl.org, btc, monetary, policy, currency, Bitcoin, Girl, crypto, blockchain, privacy, surveillance, naomi brockwell, nbtv
Id: poaqwozBqHY
Length: 13min 33sec (813 seconds)
Published: Sat Jul 02 2022